An integer overflow, leading to a heap-based buffer overflow was found in lpc_import utility. If a specially crafted CSV file was opened by the lpc_import utility, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running lpc_import Reference: http://secunia.com/secunia_research/2012-6/ Possible patch: http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=61d1df45ca9a52bab62892a3c3a13c41e6384505#patch2
The commit date does not match the secunia advisory, but this seems to be the only commit which matches the flaw description. coef = (MYFLT *)malloc((hdr.npoles+hdr.nvals)*sizeof(MYFLT)); would cause an integer overflow and later when data was copied into coef at: fread(&coef[0], sizeof(MYFLT), hdr.npoles, inf); it would cause an heap-based buffer overflow as well.
Created csound tracking bugs for this issue Affects: fedora-all [bug 812721]
Assigned CVE as per http://www.openwall.com/lists/oss-security/2012/04/16/9
csound 6 is in all current releases (from GA)