Multiple stack-based buffer overflows in Csound before 5.16.6 allow remote attackers to execute arbitrary code via a crafted (1) hetro file to the getnum function in util/heti_main.c or (2) PVOC file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 75.4%.
Buffer Overflow
RCE
Csound
NVD
Exploit-DB
CVSS 2.0
7.5
EPSS
75.4%
Threat
5.3