Showing 1 - 4 of 4

CVE-2009-0586

Status Candidate

Overview

Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow.

Related Files

Gentoo Linux Security Advisory 200907-11: Posted Jul 13, 2009; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory GLSA 200907-11 - Multiple vulnerabilities in multiple GStreamer plug-ins might allow for the execution of arbitrary code. Versions less than 0.10.14 are affected.; tags | advisory, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2009-0386, CVE-2009-0387, CVE-2009-0397, CVE-2009-0586, CVE-2009-1932; SHA-256 | 65f2ad848313d3757203dc621dcf67f90a500f586c6f01936864f1b497f45c65; Download | Favorite | View

Mandriva Linux Security Advisory 2009-085: Posted Apr 2, 2009; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2009-085 - Integer overflows in gstreamer0.10-plugins-base Base64 encoding and decoding functions may lead attackers to cause denial of service. Although vector attacks are not known yet. This update provides the fix for that security issue.; tags | advisory, denial of service, overflow; systems | linux, mandriva; advisories | CVE-2009-0586; SHA-256 | 891a03bb1aee1a11efbe9c7b8bbfa659fbd781b1b23999b817ef8e0d856f7e99; Download | Favorite | View

Ubuntu Security Notice 735-1: Posted Mar 16, 2009; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice USN-735-1 - It was discovered that the Base64 decoding functions in GStreamer Base Plugins did not properly handle large images in Vorbis file tags. If a user were tricked into opening a specially crafted Vorbis file, an attacker could possibly execute arbitrary code with user privileges.; tags | advisory, arbitrary; systems | linux, ubuntu; advisories | CVE-2009-0586; SHA-256 | fd424f82cf882fbd59608a64ee9ee0e070c4235da7e96a3c94f60a15d7238d77; Download | Favorite | View

Open Source CERT Security Advisory 2008.15: Posted Mar 12, 2009; Authored by Will Drewry, Open Source CERT | Site ocert.org; Base64 encoding and decoding functions in glib suffer from vulnerabilities during memory allocation which may result in arbitrary code execution when processing large strings. A number of other GNOME-related applications which predate glib are vulnerable due to the commonality of this flawed code.; tags | advisory, arbitrary, vulnerability, code execution; advisories | CVE-2008-4316, CVE-2009-0585, CVE-2009-0586, CVE-2009-0587; SHA-256 | 53bba693225b9b5a30ee3d26bab42447350b5931b378ef7725720712448ef169; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 64 files
Debian 22 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,175)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,140)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,480)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,022)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2009-0586

Overview

Related Files

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems