ID CVE-2009-0586
Summary Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:gstreamer:gst-plugins-base:*:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer:gst-plugins-base:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 10-10-2018 - 19:29)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2013-04-29T04:21:23.981-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow.
family unix
id oval:org.mitre.oval:def:9694
status accepted
submitted 2010-07-09T03:56:16-04:00
title Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow.
version 18
redhat via4
advisories
bugzilla
id 488208
title CVE-2009-0586 gstreamer-plugins-base: integer overflow in gst_vorbis_tag_add_coverart()
oval
AND
  • comment Red Hat Enterprise Linux 5 is installed
    oval oval:com.redhat.rhba:tst:20070331001
  • OR
    • AND
      • comment gstreamer-plugins-base is earlier than 0:0.10.20-3.0.1.el5_3
        oval oval:com.redhat.rhsa:tst:20090352002
      • comment gstreamer-plugins-base is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20090352003
    • AND
      • comment gstreamer-plugins-base-devel is earlier than 0:0.10.20-3.0.1.el5_3
        oval oval:com.redhat.rhsa:tst:20090352004
      • comment gstreamer-plugins-base-devel is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20090352005
rhsa
id RHSA-2009:0352
released 2009-04-06
severity Moderate
title RHSA-2009:0352: gstreamer-plugins-base security update (Moderate)
rpms
  • gstreamer-plugins-base-0:0.10.20-3.0.1.el5_3
  • gstreamer-plugins-base-devel-0:0.10.20-3.0.1.el5_3
refmap via4
bid 34100
bugtraq 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows
confirm http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9
gentoo GLSA-200907-11
mandriva MDVSA-2009:085
misc
mlist [oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows
secunia
  • 34335
  • 34350
  • 35777
suse SUSE-SR:2009:009
ubuntu USN-735-1
xf gstreamer-gstvorbistagaddcoverart-bo(49274)
Last major update 10-10-2018 - 19:29
Published 14-03-2009 - 18:30
Back to Top