Bug 797249 (CVE-2012-0270)

Summary: CVE-2012-0270 csound: two buffer overflow flaws in getnum()
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: paul, pbrobinson, znmeb
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: csound 5.16.6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-12-23 21:59:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 797251    
Bug Blocks:    

Description Vincent Danen 2012-02-24 16:57:20 UTC 
It was discovered [1] that Csound contained two boundary errors that could be exploited by tricking a user into converting a malicious file, leading to a stack-based buffer overflow and the possible execution of arbitrary code.  The first is in the getnum() function (util/heti_main.c) when processing a hetro file, the second is in the getnum() function (util/pv_import.c) when processing a PVOC file.

This flaw is confirmed in 5.13.0 (currently in Feodra) and is fixed in upstream 5.16.6 [2].

[1] http://secunia.com/secunia_research/2012-3/
[2] http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=7d617a9551fb6c552ba16874b71266fcd90f3a6f
Comment 1 Vincent Danen 2012-02-24 16:58:51 UTC 
Created csound tracking bugs for this issue

Affects: fedora-all [bug 797251]
Comment 2 Vincent Danen 2013-12-23 21:59:21 UTC 
Fedora 20 contains csound 5.19.01 which includes the fix for this flaw.

Given the age of this, it seems pretty obvious that this will not get fixed in anything earlier (like Fedora 19), so closing it since it is finally fixed in the most recent (and future) Fedora versions.
Comment 3 Peter Robinson 2013-12-24 09:22:20 UTC 
It will make it to F-19, I just need to get the time to workout why it's not building there.