Attack: Csound CVE-2012-0270

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a buffer overflow vulnerability in Csound.

Additional Information

Csound is a sound and music composition application.

Csound is prone to multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data:

1. A stack-based buffer overflow in the 'getnum()' function of the 'util/heti_main.c' source file. This issue occurs when handling a specially crafted hetro file.

2. A stack-based buffer overflow in the 'getnum()' function of the 'util/pv_import.c' source file. This issue occurs when handling a specially crafted PVOC file.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed attacks will cause denial-of-service conditions.
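
The bounds check this class of bug lacks, as an added illustration (not Csound's code and not part of the original signature page): a hypothetical reader, `read_number_field`, copies one delimited numeric field from a file into a fixed stack buffer and rejects an over-long field instead of writing past the end. The delimiters, the 64-byte limit and all names are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NUM_FIELD_MAX 64 /* assumed limit, not a Csound constant */

/* Read one ',' or '\n' terminated numeric field from fp (hypothetical format).
 * Returns 0 and stores the value on success, -1 on an empty field or EOF,
 * -2 if the field does not fit the buffer, -3 if it is not a valid number. */
int read_number_field(FILE *fp, double *out)
{
    char buf[NUM_FIELD_MAX];
    size_t n = 0;
    int c;

    while ((c = getc(fp)) != EOF && c != ',' && c != '\n') {
        if (n >= sizeof buf - 1) {       /* keep one byte for the NUL */
            /* Drain the rest of the field so the caller can resynchronise. */
            while ((c = getc(fp)) != EOF && c != ',' && c != '\n')
                ;
            return -2;                   /* reject, never truncate silently */
        }
        buf[n++] = (char)c;
    }
    if (n == 0)
        return -1;
    buf[n] = '\0';

    char *end;
    errno = 0;
    double v = strtod(buf, &end);
    if (end == buf || *end != '\0' || errno == ERANGE)
        return -3;
    *out = v;
    return 0;
}

/* Helper for the constructed inputs: parse the first field of a string. */
int parse_first_field(const char *text, double *out)
{
    FILE *fp = tmpfile();
    if (!fp)
        return -4;
    fputs(text, fp);
    rewind(fp);
    int rc = read_number_field(fp, out);
    fclose(fp);
    return rc;
}
```

A loop that stores each byte without the `n >= sizeof buf - 1` test is the unbounded pattern: a field longer than the buffer in a crafted file would then overwrite adjacent stack memory.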

Affected

  • Csound 5.13.0