Bug 810802 (CVE-2012-2106) - CVE-2012-2106 Csound: Integer overflow leading to buffer overflow in pv_import
Summary: CVE-2012-2106 Csound: Integer overflow leading to buffer overflow in pv_import
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2012-2106
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 812721
Blocks: 810821
TreeView+ depends on / blocked
 
Reported: 2012-04-09 08:39 UTC by Huzaifa S. Sidhpurwala
Modified: 2019-09-29 12:51 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-01-20 14:06:16 UTC
Embargoed:

Attachments (Terms of Use)

Description Huzaifa S. Sidhpurwala 2012-04-09 08:39:01 UTC 
An integer overflow, leading to a heap-based buffer overflow was found in pv_import utility. If a specially crafted CSV file was opened by the pv_import utility, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running pv_import

Reference:
http://secunia.com/secunia_research/2012-7/

Patch:
http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=blobdiff;f=util/pv_import.c;h=4766dbff22510675a444dd242d432292893949c9;hp=811fccf0a04ec39964710fae509b601fdc330852;hb=7d617a9551fb6c552ba16874b71266fcd90f3a6f;hpb=5fbf93d9f6dc21b9e4e085b26b724ba73c2f1c01

and

http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=61d1df45ca9a52bab62892a3c3a13c41e6384505#patch3
Comment 1 Huzaifa S. Sidhpurwala 2012-04-16 05:29:52 UTC 
Created csound tracking bugs for this issue

Affects: fedora-all [bug 812721]
Comment 2 Kurt Seifried 2012-04-16 19:33:25 UTC 
Assigned CVE as per http://www.openwall.com/lists/oss-security/2012/04/16/9
Comment 3 Peter Robinson 2016-01-20 14:06:16 UTC 
csound 6 is in all current releases (from GA)
Note You need to log in before you can comment on or make changes to this bug.