The GStreamer ID3v2 implementation uses arbitrarily supplied data to generate buffers for the ID3v2 object and frames. By providing a maliciously crafted file with a null length in the ID3v2 header and an arbitrarily set length in the succeeding frame, it is possible to trigger an out-of-bounds read. An attacker may leverage this vulnerability to cause, at minimum, a denial of service. Version 1.0 is affected.
7053c885758da05fdc4302099f0183ee8781c3524ce7b49a27b4cff6b94c85c9
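The kind of length check this class of bug calls for, as an added example that is not GStreamer's code: a walk over an ID3v2.3/2.4 tag in which every declared length is compared against the bytes that actually remain before it is used. The function name `id3v2_validate`, the status enum and both sample tags are constructed for illustration, and the 10-byte header and frame-header layout of ID3v2.3/2.4 is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum id3_status { ID3_OK, ID3_TRUNCATED, ID3_BAD_HEADER, ID3_TAG_OVERRUN, ID3_FRAME_OVERRUN };

/* Decode a 28-bit synchsafe integer; -1 if a byte has its high bit set. */
static int synchsafe(const uint8_t *p, uint32_t *out) {
    if ((p[0] | p[1] | p[2] | p[3]) & 0x80) return -1;
    *out = ((uint32_t)p[0] << 21) | ((uint32_t)p[1] << 14) | ((uint32_t)p[2] << 7) | p[3];
    return 0;
}

/* Walk an ID3v2.3/2.4 tag in buf[0..len) and count accepted frames in *frames. */
enum id3_status id3v2_validate(const uint8_t *buf, size_t len, size_t *frames) {
    uint32_t tag_size, fsize;
    *frames = 0;
    if (len < 10) return ID3_TRUNCATED;
    if (memcmp(buf, "ID3", 3) != 0 || (buf[3] != 3 && buf[3] != 4)) return ID3_BAD_HEADER;
    if (synchsafe(buf + 6, &tag_size) != 0) return ID3_BAD_HEADER;
    if (tag_size > len - 10) return ID3_TAG_OVERRUN;   /* tag larger than the input */
    const uint8_t *p = buf + 10;
    size_t remaining = tag_size;                        /* frames live only inside the tag body */
    while (remaining > 0 && p[0] != 0) {                /* a zero byte starts padding */
        if (remaining < 10) return ID3_FRAME_OVERRUN;   /* no room for a frame header */
        if (buf[3] == 4) {                              /* v2.4 frame sizes are synchsafe */
            if (synchsafe(p + 4, &fsize) != 0) return ID3_BAD_HEADER;
        } else {                                        /* v2.3 frame sizes are plain big-endian */
            fsize = ((uint32_t)p[4] << 24) | ((uint32_t)p[5] << 16) | ((uint32_t)p[6] << 8) | p[7];
        }
        if (fsize > remaining - 10) return ID3_FRAME_OVERRUN;  /* frame larger than what is left */
        p += 10 + (size_t)fsize;
        remaining -= 10 + (size_t)fsize;
        (*frames)++;
    }
    return ID3_OK;
}

/* Constructed sample: tag length 0, then a frame header declaring 0x00FFFFFF bytes. */
static const uint8_t zero_len_tag[] = { 'I','D','3',3,0,0, 0,0,0,0,
                                        'T','I','T','2', 0x00,0xFF,0xFF,0xFF, 0,0 };
/* Constructed sample: tag length 11 holding one 1-byte TIT2 frame. */
static const uint8_t good_tag[] = { 'I','D','3',3,0,0, 0,0,0,11,
                                    'T','I','T','2', 0,0,0,1, 0,0, 'A' };

int main(void) {
    size_t n;
    return id3v2_validate(good_tag, sizeof good_tag, &n) != ID3_OK;
}
```

With the zero-length header the frame that follows lies outside the declared tag body, so it is never parsed and its declared length is never used.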