Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 262552

Summary: <media-libs/gst-plugins-base-0.10.23 Integer overflow in included vorbis (CVE-2009-0586)
Product: Gentoo Security Reporter: Stefan Behte (RETIRED) <craig>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: minor CC: gstreamer
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9
Whiteboard: B4 [ebuild]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2009-03-15 11:43:23 UTC 
CVE-2009-0586 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0586):
  Integer overflow in gst-libs/gst/tag/gstvorbistag.c in vorbistag in
  gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in
  GStreamer allows context-dependent attackers to execute arbitrary
  code via a long string that is converted from a base64 representation.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-03-15 14:28:57 UTC 

*** This bug has been marked as a duplicate of bug 261594 ***