CVE-2009-1932

Related Files

Mandriva Linux Security Advisory 2009-130

Posted Dec 4, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-130 - Multiple integer overflows in the (1) user_info_callback, (2) user_endrow_callback, and (3) gst_pngdec_task functions (ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PNG file, which triggers a buffer overflow. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, remote, denial of service, overflow, arbitrary

systems | linux, mandriva

advisories | CVE-2009-1932

SHA-256 | 0ea637ba76035912f6dbea4e133425a0b65757122e17e31703ce528aa16380a7

Download | Favorite | View

Debian Linux Security Advisory 1839-1

Posted Jul 20, 2009

Authored by Debian | Site debian.org

Debian Security Advisory 1839-1 - It has been discovered that gst-plugins-good0.10, the GStreamer plugins from the "good" set, are prone to an integer overflow, when processing a large PNG file. This could lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary

systems | linux, debian

advisories | CVE-2009-1932

SHA-256 | 020ddb2f99726ee66c9b9732bf1f93b25eb40f76f4839221462e3ab20e4797a8

Download | Favorite | View

Gentoo Linux Security Advisory 200907-11

Posted Jul 13, 2009

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200907-11 - Multiple vulnerabilities in multiple GStreamer plug-ins might allow for the execution of arbitrary code. Versions less than 0.10.14 are affected.

tags | advisory, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2009-0386, CVE-2009-0387, CVE-2009-0397, CVE-2009-0586, CVE-2009-1932

SHA-256 | 65f2ad848313d3757203dc621dcf67f90a500f586c6f01936864f1b497f45c65

Download | Favorite | View

Ubuntu Security Notice 789-1

Posted Jun 23, 2009

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-789-1 - Tielei Wang discovered that GStreamer Good Plugins did not correctly handle malformed PNG image files. If a user were tricked into opening a crafted PNG image file with a GStreamer application, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2009-1932

SHA-256 | b410c406ea6366a46dad25c5f9c1913bbc6c19f5212e0d4b641e81765df0f648

Download | Favorite | View

Mandriva Linux Security Advisory 2009-130

Posted Jun 8, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-130 - Multiple integer overflows in the (1) user_info_callback, (2) user_endrow_callback, and (3) gst_pngdec_task functions (ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PNG file, which triggers a buffer overflow.

tags | advisory, remote, denial of service, overflow, arbitrary

systems | linux, mandriva

advisories | CVE-2009-1932

SHA-256 | 249be2e2efb0be27eef96b1462955e8ed7ccc41c54dca0f7ef58aa695caefdec

Download | Favorite | View