Bug 810807 - (CVE-2012-2107) CVE-2012-2107 Csound: Integer overflow leading to buffer overflow in lpc_import
CVE-2012-2107 Csound: Integer overflow leading to buffer overflow in lpc_import
Status: CLOSED CURRENTRELEASE
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20120306,repor...
: Security
Depends On: 812721
Blocks: 810821
  Show dependency treegraph
 
Reported: 2012-04-09 04:56 EDT by Huzaifa S. Sidhpurwala
Modified: 2016-01-21 04:50 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-01-20 09:18:33 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Huzaifa S. Sidhpurwala 2012-04-09 04:56:47 EDT
An integer overflow, leading to a heap-based buffer overflow was found in lpc_import utility. If a specially crafted CSV file was opened by the lpc_import utility, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running lpc_import

Reference:
http://secunia.com/secunia_research/2012-6/

Possible patch:
http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=61d1df45ca9a52bab62892a3c3a13c41e6384505#patch2
Comment 1 Huzaifa S. Sidhpurwala 2012-04-16 01:27:22 EDT
The commit date does not match the secunia advisory, but this seems to be the only commit which matches the flaw description.

coef = (MYFLT *)malloc((hdr.npoles+hdr.nvals)*sizeof(MYFLT)); would cause an integer overflow and later when data was copied into coef at:
fread(&coef[0], sizeof(MYFLT), hdr.npoles, inf); it would cause an heap-based buffer overflow as well.
Comment 2 Huzaifa S. Sidhpurwala 2012-04-16 01:30:24 EDT
Created csound tracking bugs for this issue

Affects: fedora-all [bug 812721]
Comment 3 Kurt Seifried 2012-04-16 15:33:33 EDT
Assigned CVE as per http://www.openwall.com/lists/oss-security/2012/04/16/9
Comment 4 Peter Robinson 2016-01-20 09:18:33 EST
csound 6 is in all current releases (from GA)

Note You need to log in before you can comment on or make changes to this bug.