CVE-2008-5986

N/A Unknown

Published: January 28, 2009 Modified: April 23, 2026

Description

Untrusted search path vulnerability in the (1) "VST plugin with Python scripting" and (2) "VST plugin for writing score generators in Python" in Csound 5.08.2, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504359

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2009/01/26/2

Source: cve@mitre.org

http://www.securityfocus.com/bid/33446

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=481550

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/48276

Source: cve@mitre.org

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504359

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2009/01/26/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/33446

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=481550

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/48276

Source: af854a3a-2127-422b-91ae-364da2661108

10 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

0.1%

18th percentile

Exploitation Status

Not in CISA KEV

Affected Vendors

csound