Bug 410809 (CVE-2012-2106) - <media-sound/csound-5.17.2 : pv_import Integer Overflow Vulnerability (CVE-2012-2106)
Status: RESOLVED FIXED
Alias: CVE-2012-2106
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://secunia.com/advisories/48719/
Whiteboard: ~2 [noglsa]
Reported: 2012-04-04 19:04 UTC by Agostino Sarubbo
Modified: 2014-02-13 15:46 UTC
Description Agostino Sarubbo gentoo-dev 2012-04-04 19:04:19 UTC
From Secunia security advisory at $URL:

Description
Secunia Research has discovered a vulnerability in Csound, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an integer overflow error in the pv_import utility within the "pv_import()" function (util/pv_import.c) and can be exploited to cause a heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code, but requires tricking a user into converting a specially crafted file.

The vulnerability is confirmed in version 5.16.6. Other versions may also be affected.


Solution
Do not process files from untrusted sources.
Comment 1 Tim Harder gentoo-dev 2012-12-22 09:17:36 UTC
@security: This can probably be closed since it should be fixed in recent versions in the tree.
Comment 2 Agostino Sarubbo gentoo-dev 2012-12-22 09:21:05 UTC
(In reply to comment #1)
> @security: This can probably be closed since it should be fixed in recent
> versions in the tree.

Which version exactly fixes it?
Comment 3 Tim Harder gentoo-dev 2012-12-22 09:31:37 UTC
(In reply to comment #2)
> (In reply to comment #1)
> > @security: This can probably be closed since it should be fixed in recent
> > versions in the tree.
> 
> which exactly version fixes?

>=5.17
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-02-13 15:46:28 UTC
CVE-2012-2106 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2106):
  Integer overflow in the pv_import function in util/pv_import.c in Csound
  5.16.6, when converting a file, allows remote attackers to execute arbitrary
  code via a crafted file, which triggers a heap-based buffer overflow.
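
The chain the advisory describes (an integer overflow in a size computation that leads to a heap-based buffer overflow) next to a checked computation that rejects the input, as an added example that is not Csound's code and not part of this bug report. The `hdr` struct, its field names, the 32-bit size arithmetic and the `MAX_BYTES` limit are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical size fields parsed from an untrusted file (not Csound's names). */
struct hdr { uint32_t frames; uint32_t bins; };

/* Assumed policy limit on a single allocation. */
#define MAX_BYTES ((size_t)256 * 1024 * 1024)

/* Unchecked pattern: the 32-bit product wraps silently, so the buffer is
   allocated far smaller than the frames * bins elements later written. */
static uint32_t unchecked_bytes(const struct hdr *h)
{
    return h->frames * h->bins * (uint32_t)sizeof(float);
}

/* Checked pattern: test each multiplication before performing it and
   refuse element counts above the policy limit. */
static bool checked_bytes(const struct hdr *h, size_t *out)
{
    size_t n;
    if (h->frames == 0 || h->bins == 0) return false;
    if ((size_t)h->frames > SIZE_MAX / h->bins) return false;
    n = (size_t)h->frames * h->bins;
    if (n > MAX_BYTES / sizeof(float)) return false;
    *out = n * sizeof(float);
    return true;
}

/* Allocation wrapper: returns NULL instead of an undersized buffer. */
static float *alloc_frames(const struct hdr *h)
{
    size_t bytes;
    return checked_bytes(h, &bytes) ? malloc(bytes) : NULL;
}

int main(void)
{
    struct hdr crafted = { 0x40000001u, 1u };   /* constructed sample values */
    float *buf = alloc_frames(&crafted);
    printf("unchecked size: %u bytes\n", (unsigned)unchecked_bytes(&crafted));
    printf("checked alloc:  %s\n", buf ? "allocated" : "rejected");
    free(buf);
    return 0;
}
```
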