CVE-2009-0586
Published: 14 March 2009
Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow.
Priority
Status
Package | Release | Status |
---|---|---|
gst-plugins-base0.10 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Not vulnerable
(code not present)
|
|
gutsy |
Not vulnerable
(code not present)
|
|
hardy |
Not vulnerable
(code not present)
|
|
intrepid |
Released
(0.10.21-3ubuntu0.1)
|
|
Patches: other: http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff |