Aggregates CVE and security vulnerability intelligence across all csounds-related products, including CVSS scores, EPSS percentages, and publication and update dates.
Disclosed issues often relate to buffer overflows and integer handling; exposure may include application crashes and memory corruption in software deployment contexts.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2012-0270 | Multiple stack-based buffer overflows in Csound before 5.16.6 allow remote attackers to execute arbitrary code via a crafted (1) hetro file to the getnum function in util/heti_main.c or (2) PVOC file to the getnum function in util/pv_import.c. | [email protected] | 7.5 | 54.67% | 2014-02-17 | 2026-04-29 |
| CVE-2012-2108 | Stack-based buffer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file. | [email protected] | 9.3 | 6.60% | 2014-02-04 | 2026-04-29 |
| CVE-2012-2107 | Integer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow. | [email protected] | 9.3 | 6.69% | 2014-02-04 | 2026-04-29 |
| CVE-2012-2106 | Integer overflow in the pv_import function in util/pv_import.c in Csound 5.16.6, when converting a file, allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow. | [email protected] | 9.3 | 5.67% | 2014-02-04 | 2026-04-29 |