QwikSec

Security Database

CVE

CWE

Training

CVE-2009-0586

Published: Mar 14, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

oval:org.mitre.oval:def:9694

vdb-entry

signature

x_refsource_OVAL

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_GENTOO

http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9

x_refsource_CONFIRM

[oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_MANDRIVA

20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows

mailing-list

x_refsource_BUGTRAQ

http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff

x_refsource_MISC

SUSE-SR:2009:009

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_UBUNTU

gstreamer-gstvorbistagaddcoverart-bo(49274)

vdb-entry

x_refsource_XF

http://www.ocert.org/advisories/ocert-2008-015.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.