Red Hat Bugzilla – Bug 810807
CVE-2012-2107 Csound: Integer overflow leading to buffer overflow in lpc_import
Last modified: 2016-01-21 04:50:33 EST
An integer overflow, leading to a heap-based buffer overflow was found in lpc_import utility. If a specially crafted CSV file was opened by the lpc_import utility, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running lpc_import
The commit date does not match the secunia advisory, but this seems to be the only commit which matches the flaw description.
coef = (MYFLT *)malloc((hdr.npoles+hdr.nvals)*sizeof(MYFLT)); would cause an integer overflow and later when data was copied into coef at:
fread(&coef, sizeof(MYFLT), hdr.npoles, inf); it would cause an heap-based buffer overflow as well.
Created csound tracking bugs for this issue
Affects: fedora-all [bug 812721]
Assigned CVE as per http://www.openwall.com/lists/oss-security/2012/04/16/9
csound 6 is in all current releases (from GA)