CVE-2012-2108 - Vulnerability Details - OpenCVE

Stack-based buffer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Csounds	Csound

Configuration 1 [-]

OR	cpe:2.3:a:csounds:csound::::::::
	cpe:2.3:a:csounds:csound:5.10:::::::*
	cpe:2.3:a:csounds:csound:5.10.1:::::::*
	cpe:2.3:a:csounds:csound:5.11:::::::*
	cpe:2.3:a:csounds:csound:5.11.1:::::::*
	cpe:2.3:a:csounds:csound:5.12:::::::*
	cpe:2.3:a:csounds:csound:5.12.1:::::::*
	cpe:2.3:a:csounds:csound:5.12.3:::::::*
	cpe:2.3:a:csounds:csound:5.12.4:::::::*
	cpe:2.3:a:csounds:csound:5.13.0:::::::*
	cpe:2.3:a:csounds:csound:5.13.1:::::::*
	cpe:2.3:a:csounds:csound:5.14.0:::::::*
	cpe:2.3:a:csounds:csound:5.14.1:::::::*
	cpe:2.3:a:csounds:csound:5.14.2:::::::*
	cpe:2.3:a:csounds:csound:5.15.0:::::::*
	cpe:2.3:a:csounds:csound:5.16:::::::*
	cpe:2.3:a:csounds:csound:5.16.1:::::::*

No data.

References

Link	Providers
http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git%3Ba=commitdiff%3Bh=61d1df45ca9a52bab62892a3c3a13c41e6384505
http://lists.opensuse.org/opensuse-updates/2012-04/msg00057.html
http://secunia.com/advisories/48719
http://secunia.com/secunia_research/2012-4/
http://www.openwall.com/lists/oss-security/2012/04/16/1
http://www.openwall.com/lists/oss-security/2012/04/16/9
http://www.osvdb.org/81015
http://www.securityfocus.com/bid/52876
https://bugzilla.redhat.com/show_bug.cgi?id=810810
https://exchange.xforce.ibmcloud.com/vulnerabilities/74649

History

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.07188}`	epss `{'score': 0.06785}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-02-04T18:00:00

Updated: 2024-08-06T19:26:07.682Z

Reserved: 2012-04-04T00:00:00

Link: CVE-2012-2108

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-02-04T21:55:07.983

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-2108

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-04-04T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2012-4/"}, {"name": "48719", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48719"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810810"}, {"name": "81015", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/81015"}, {"name": "52876", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/52876"}, {"name": "csound-main-bo(74649)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74649"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git%3Ba=commitdiff%3Bh=61d1df45ca9a52bab62892a3c3a13c41e6384505"}, {"name": "openSUSE-SU-2012:0550", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00057.html"}, {"name": "[oss-security] 20120416 CVE Requests: Multiple security flaws in csound5", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/04/16/1"}, {"name": "[oss-security] 20120416 Re: CVE Requests: Multiple security flaws in csound5", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/04/16/9"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:26:07.682Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2012-4/"}, {"name": "48719", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48719"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810810"}, {"name": "81015", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/81015"}, {"name": "52876", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/52876"}, {"name": "csound-main-bo(74649)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74649"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git%3Ba=commitdiff%3Bh=61d1df45ca9a52bab62892a3c3a13c41e6384505"}, {"name": "openSUSE-SU-2012:0550", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00057.html"}, {"name": "[oss-security] 20120416 CVE Requests: Multiple security flaws in csound5", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/04/16/1"}, {"name": "[oss-security] 20120416 Re: CVE Requests: Multiple security flaws in csound5", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/04/16/9"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2108", "datePublished": "2014-02-04T18:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:07.682Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:csounds:csound:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB3A01C4-2AAA-4919-B486-F2D418486A80", "versionEndIncluding": "5.17", "vulnerable": true}, {"criteria": "cpe:2.3:a:csounds:csound:5.10:*:*:*:*:*:*:*", "matchCriteriaId": "B9636A6C-811F-4B53-8055-B40602C970CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:csounds:csound:5.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D50A8B19-6CA5-486B-A771-9C7B1AAF0784", "vulnerable": true}, {"criteria": "cpe:2.3:a:csounds:csound:5.11:*:*:*:*:*:*:*", "matchCriteriaId": "AAC1C204-5C53-48A3-B7B7-7479574E32BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:csounds:csound:5.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "E93B0D99-8271-429D-9CC2-D8B840208C35", "vulnerable": true}, {"criteria": "cpe:2.3:a:csounds:csound:5.12:*:*:*:*:*:*:*", "matchCriteriaId": "485727E7-D871-49E3-9E86-5E4BEB57D29A", "vulnerable": true}, {"criteria": "cpe:2.3:a:csounds:csound:5.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "8301E935-80A6-4C46-A1CC-2665D967C182", "vulnerable": true}, {"criteria": "cpe:2.3:a:csounds:csound:5.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "E9D76B20-ACE4-4EE0-82BF-5D4F184B6BFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:csounds:csound:5.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "C081F4EF-3E22-4686-A5A3-06BC5EC1E6E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:csounds:csound:5.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B696601-3271-4EC2-AEA5-61CA592F49BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:csounds:csound:5.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "525AE1DA-E53D-4A9D-9F3C-DF91685B6D34", "vulnerable": true}, {"criteria": "cpe:2.3:a:csounds:csound:5.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F87EEE3-0F61-4D0C-8924-741B5C94FBC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:csounds:csound:5.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "BD73A9F4-901E-4479-9343-E15C55CD236E", "vulnerable": true}, {"criteria": "cpe:2.3:a:csounds:csound:5.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "9881CAEB-BE5E-48AF-9EB6-A573D43496A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:csounds:csound:5.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "88EB9346-8FA9-4BB4-B284-394A65E0D0ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:csounds:csound:5.16:*:*:*:*:*:*:*", "matchCriteriaId": "7CB9BF69-8DCF-4AC6-8658-264D74436CFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:csounds:csound:5.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC0A7EC0-038C-4810-9098-DD557969A2DB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file."}, {"lang": "es", "value": "Desbordamiento de buffer basado en pila en la funci\u00f3n principal en util/lpci_main.c en Csound anterior a 5.17.2, cuando convierte un fichero, permite atacantes remotos asistidos por usuario ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero manipulado."}], "id": "CVE-2012-2108", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-02-04T21:55:07.983", "references": [{"source": "secalert@redhat.com", "url": "http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git%3Ba=commitdiff%3Bh=61d1df45ca9a52bab62892a3c3a13c41e6384505"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00057.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48719"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/secunia_research/2012-4/"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/04/16/1"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/04/16/9"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/81015"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/52876"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810810"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74649"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git%3Ba=commitdiff%3Bh=61d1df45ca9a52bab62892a3c3a13c41e6384505"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00057.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48719"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/secunia_research/2012-4/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/04/16/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/04/16/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/81015"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52876"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810810"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74649"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}