1. CVE-Search
  2. CVE-2009-0586
ID CVE-2009-0586
Summary Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.2:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.3:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.4:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.5:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.6:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.7:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.8:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.9:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.10:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.11:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.11:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.12:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.12:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.13:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.13:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.14:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.14:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.15:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.15:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.16:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.16:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.17:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.17:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.18:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.18:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.19:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.19:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.20:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.20:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.21:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.21:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.22:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.22:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 13-02-2023 - 02:19)
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2013-04-29T04:21:23.981-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow.
family unix
id oval:org.mitre.oval:def:9694
status accepted
submitted 2010-07-09T03:56:16-04:00
title Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow.
version 18
redhat via4
advisories
bugzilla
id 488208
title CVE-2009-0586 gstreamer-plugins-base: integer overflow in gst_vorbis_tag_add_coverart()
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • comment gstreamer-plugins-base is earlier than 0:0.10.20-3.0.1.el5_3
          oval oval:com.redhat.rhsa:tst:20090352001
        • comment gstreamer-plugins-base is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090352002
      • AND
        • comment gstreamer-plugins-base-devel is earlier than 0:0.10.20-3.0.1.el5_3
          oval oval:com.redhat.rhsa:tst:20090352003
        • comment gstreamer-plugins-base-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090352004
rhsa
id RHSA-2009:0352
released 2009-04-06
severity Moderate
title RHSA-2009:0352: gstreamer-plugins-base security update (Moderate)
rpms
  • gstreamer-plugins-base-0:0.10.20-3.0.1.el5_3
  • gstreamer-plugins-base-debuginfo-0:0.10.20-3.0.1.el5_3
  • gstreamer-plugins-base-devel-0:0.10.20-3.0.1.el5_3
refmap via4
bid 34100
bugtraq 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows
confirm http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9
gentoo GLSA-200907-11
mandriva MDVSA-2009:085
misc
mlist [oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows
secunia
  • 34335
  • 34350
  • 35777
suse SUSE-SR:2009:009
ubuntu USN-735-1
xf gstreamer-gstvorbistagaddcoverart-bo(49274)
Last major update 13-02-2023 - 02:19
Published 14-03-2009 - 18:30
Last modified 13-02-2023 - 02:19
Back to Top