From secunia security advisory at $URL: Description Secunia Research has discovered two vulnerabilities in Csound, which can be exploited by malicious people to compromise a user's system. 1) A boundary error within the "main()" function (util/lpci_main.c) can be exploited to cause a stack-based buffer overflow. 2) An integer overflow error within the "main()" function (util/lpci_main.c) can be exploited to cause a heap-based buffer overflow. Successful exploitation of the vulnerabilities may allow execution of arbitrary code, but requires tricking a user into converting a specially crafted file. The vulnerabilities are confirmed in version 5.16.6. Other versions may also be affected. Solution Update to version 5.17.2.
fixed
CVE-2012-2108 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2108): Stack-based buffer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file. CVE-2012-2107 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2107): Integer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow.
