Summary: <=media-plugins/gst-plugins-libpng-0.10.14: Multiple integer overflows (CVE-2009-1932)

| Field | Value |
|---|---|
| Product | Gentoo Security |
| Component | Vulnerabilities |
| Reporter | Alex Legler (RETIRED) <a3li> |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED |
| Severity | normal |
| CC | gstreamer |
| Priority | High |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| URL | http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=d9544bcc44adcef769cbdf7f6453e140058a3adc |
| Whiteboard | B2 [glsa] |
| Package list | |
| Runtime testing required | --- |
| Bug Depends on | 266986 |
| Bug Blocks | |

Description
Alex Legler (RETIRED)
======================================================
Name: CVE-2009-1932
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1932

Multiple integer overflows in the (1) user_info_callback, (2) user_endrow_callback, and (3) gst_pngdec_task functions (ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PNG file, which triggers a buffer overflow.

Please stabilize gst-plugins-good 0.10.14-r1 which includes the patch.

Sorry guys, but this isn't working like that. The patch needs to be applied in gst-plugins-libpng, thanks to our wonderful gst layout. But it's nice to recompile gst-plugins-good for just the kicks :-)

Damn mid-air collisions, was just about to do mostly the same change.

Adjusting summary. Maintainers, please add the patch to gst-plugins-libpng.

media-plugins/gst-plugins-libpng-0.10.14-r1 is now there and needs to be stabilized. Sorry for the fuck up..

Sparc will also need to do bug #266986 which I've set as a dep.

Stable on alpha.

x86 stable

amd64 stable

ppc64 done

ppc done

sparc stable

GLSA 200907-11