Candidate: CVE-2012-0270
PublicDate: 2014-02-17 16:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0270
 http://secunia.com/secunia_research/2012-3/
Description:
 Multiple stack-based buffer overflows in Csound before 5.16.6 allow remote
 attackers to execute arbitrary code via a crafted (1) hetro file to the
 getnum function in util/heti_main.c or (2) PVOC file to the getnum function
 in util/pv_import.c.
Ubuntu-Description:
Notes:
 tyhicks> Fixed upstream in 5.16.6
 tyhicks> Per Debian, everything back to Hardy is affected
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=797249
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_csound:
 upstream: http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=7d617a9551fb6c552ba16874b71266fcd90f3a6f
upstream_csound: released (5.16.6)
hardy_csound: ignored (reached end-of-life)
lucid_csound: ignored (reached end-of-life)
maverick_csound: ignored (reached end-of-life)
natty_csound: ignored (reached end-of-life)
oneiric_csound: ignored (reached end-of-life)
precise_csound: not-affected (1:5.17.6~dfsg-1)
quantal_csound: not-affected (1:5.17.6~dfsg-3)
raring_csound: not-affected (1:5.17.6~dfsg-3)
saucy_csound: not-affected (1:5.17.6~dfsg-3)
devel_csound: not-affected (1:5.17.6~dfsg-3)