Bug 810802 (CVE-2012-2106)

Summary: CVE-2012-2106 Csound: Integer overflow leading to buffer overflow in pv_import
Product: [Other] Security Response Reporter: Huzaifa S. Sidhpurwala <huzaifas>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: jrusnack, paul, pbrobinson, znmeb
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=moderate,public=20120119,reported=20120404,source=gentoo,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,fedora-all/csound=affected,cwe=CWE-190->CWE-122
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-01-20 09:06:16 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 812721    
Bug Blocks: 810821    

Description Huzaifa S. Sidhpurwala 2012-04-09 04:39:01 EDT
An integer overflow, leading to a heap-based buffer overflow was found in pv_import utility. If a specially crafted CSV file was opened by the pv_import utility, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running pv_import

Reference:
http://secunia.com/secunia_research/2012-7/

Patch:
http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=blobdiff;f=util/pv_import.c;h=4766dbff22510675a444dd242d432292893949c9;hp=811fccf0a04ec39964710fae509b601fdc330852;hb=7d617a9551fb6c552ba16874b71266fcd90f3a6f;hpb=5fbf93d9f6dc21b9e4e085b26b724ba73c2f1c01

and

http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=61d1df45ca9a52bab62892a3c3a13c41e6384505#patch3
Comment 1 Huzaifa S. Sidhpurwala 2012-04-16 01:29:52 EDT
Created csound tracking bugs for this issue

Affects: fedora-all [bug 812721]
Comment 2 Kurt Seifried 2012-04-16 15:33:25 EDT
Assigned CVE as per http://www.openwall.com/lists/oss-security/2012/04/16/9
Comment 3 Peter Robinson 2016-01-20 09:06:16 EST
csound 6 is in all current releases (from GA)