Login Sign Up

CVE-2012-0824

9.8 CRITICAL

📋 TL;DR

CVE-2012-0824 is a format string vulnerability in gnusound 0.7.5 that allows attackers to execute arbitrary code by exploiting improper format string handling. This affects users running vulnerable versions of gnusound, particularly those processing untrusted audio files. The vulnerability can lead to complete system compromise.

💻 Affected Systems

Products:
  • gnusound
Versions: 0.7.5 and possibly earlier versions
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when processing specially crafted audio files. Requires user interaction to open malicious files.

📦 What is this software?

Gnusound by Gnu

View all CVEs affecting Gnusound →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with root privileges leading to complete system takeover, data theft, and persistent backdoor installation.

🟠

Likely Case

Local privilege escalation or remote code execution when processing malicious audio files, potentially compromising user accounts.

🟢

If Mitigated

Denial of service or application crash if exploit attempts are blocked by security controls.

🌐 Internet-Facing: LOW (gnusound is typically not exposed directly to internet)
🏢 Internal Only: MEDIUM (requires user interaction to process malicious files)

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires user to open malicious audio file. Format string vulnerabilities are well-understood and relatively easy to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.7.6 and later

Vendor Advisory: https://access.redhat.com/security/cve/cve-2012-0824

Restart Required: No

Instructions:

1. Update gnusound to version 0.7.6 or later using your distribution's package manager. 2. For Debian/Ubuntu: sudo apt-get update && sudo apt-get install gnusound. 3. For Red Hat/CentOS: sudo yum update gnusound. 4. Verify installation with gnusound --version.

🔧 Temporary Workarounds

Disable gnusound execution

linux

Remove execute permissions or uninstall gnusound if not needed

sudo chmod -x /usr/bin/gnusound
sudo apt-get remove gnusound

Restrict file processing

all

Configure system to only allow trusted audio files

🧯 If You Can't Patch

  • Implement application whitelisting to prevent gnusound execution
  • Use mandatory access controls (SELinux/AppArmor) to restrict gnusound capabilities

🔍 How to Verify

Check if Vulnerable:

Check gnusound version: gnusound --version | grep -i '0.7.5'

Check Version:

gnusound --version

Verify Fix Applied:

Verify gnusound version is 0.7.6 or higher: gnusound --version

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault logs from gnusound
  • Unexpected process termination of gnusound

Network Indicators:

  • Unusual outbound connections from gnusound process

SIEM Query:

process_name:"gnusound" AND (event_type:"crash" OR exit_code:139)

📊 Metadata

CVE ID: CVE-2012-0824
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-134
Published: November 19, 2019
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2012-0824, you might also want to check these:

CVE-2021-41193 9.8

CVE-2021-41193 is a remote format string vulnerability in wire-avs, the audio visual signaling compo...

Same vulnerability type (CWE-134)
CVE-2021-42911 9.8

This is a critical format string vulnerability in DrayTek router firmware that allows remote attacke...

Same vulnerability type (CWE-134)
CVE-2020-13160 9.8

This CVE describes a format string vulnerability in AnyDesk on Linux and FreeBSD systems that allows...

Same vulnerability type (CWE-134)