what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2009-0586

Status Candidate

Overview

Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow.

Related Files

Gentoo Linux Security Advisory 200907-11
Posted Jul 13, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200907-11 - Multiple vulnerabilities in multiple GStreamer plug-ins might allow for the execution of arbitrary code. Versions less than 0.10.14 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-0386, CVE-2009-0387, CVE-2009-0397, CVE-2009-0586, CVE-2009-1932
SHA-256 | 65f2ad848313d3757203dc621dcf67f90a500f586c6f01936864f1b497f45c65
Mandriva Linux Security Advisory 2009-085
Posted Apr 2, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-085 - Integer overflows in gstreamer0.10-plugins-base Base64 encoding and decoding functions may lead attackers to cause denial of service. Although vector attacks are not known yet. This update provides the fix for that security issue.

tags | advisory, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2009-0586
SHA-256 | 891a03bb1aee1a11efbe9c7b8bbfa659fbd781b1b23999b817ef8e0d856f7e99
Ubuntu Security Notice 735-1
Posted Mar 16, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-735-1 - It was discovered that the Base64 decoding functions in GStreamer Base Plugins did not properly handle large images in Vorbis file tags. If a user were tricked into opening a specially crafted Vorbis file, an attacker could possibly execute arbitrary code with user privileges.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-0586
SHA-256 | fd424f82cf882fbd59608a64ee9ee0e070c4235da7e96a3c94f60a15d7238d77
Open Source CERT Security Advisory 2008.15
Posted Mar 12, 2009
Authored by Will Drewry, Open Source CERT | Site ocert.org

Base64 encoding and decoding functions in glib suffer from vulnerabilities during memory allocation which may result in arbitrary code execution when processing large strings. A number of other GNOME-related applications which predate glib are vulnerable due to the commonality of this flawed code.

tags | advisory, arbitrary, vulnerability, code execution
advisories | CVE-2008-4316, CVE-2009-0585, CVE-2009-0586, CVE-2009-0587
SHA-256 | 53bba693225b9b5a30ee3d26bab42447350b5931b378ef7725720712448ef169
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close