
Bug 272972 (CVE-2009-1932)

Summary: <=media-plugins/gst-plugins-libpng-0.10.14: Multiple integer overflows (CVE-2009-1932)
Product: Gentoo Security
Reporter: Alex Legler (RETIRED) <a3li>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: gstreamer
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=d9544bcc44adcef769cbdf7f6453e140058a3adc
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 266986    
Bug Blocks:    

Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-06-06 20:41:25 UTC
From Secunia:

A vulnerability has been discovered in GStreamer Good Plug-ins, which can be exploited by malicious people to potentially compromise an application using the library.

The vulnerability is caused due to an integer overflow error in ext/libpng/gstpngdec.c, which can be exploited to cause a heap-based buffer overflow via a specially crafted PNG file.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 0.10.15. Other versions may also be affected.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-06-06 20:42:24 UTC
======================================================
Name: CVE-2009-1932
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1932

Multiple integer overflows in the (1) user_info_callback, (2)
user_endrow_callback, and (3) gst_pngdec_task functions
(ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka
gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote
attackers to cause a denial of service and possibly execute arbitrary
code via a crafted PNG file, which triggers a buffer overflow.
Comment 2 Olivier Crete (RETIRED) gentoo-dev 2009-06-06 21:18:53 UTC
Please stabilize gst-plugins-good 0.10.14-r1 which includes the patch.
Comment 3 Samuli Suominen (RETIRED) gentoo-dev 2009-06-07 08:16:43 UTC
Sorry guys, but this isn't working like that. The patch needs to be applied in gst-plugins-libpng, thanks to our wonderful gst layout. But it's nice to recompile gst-plugins-good for just the kicks :-)
Comment 4 Christian Hoffmann (RETIRED) gentoo-dev 2009-06-07 08:36:03 UTC
Damn mid-air collisions, was just about to do mostly the same change. Adjusting summary.

Maintainers, please add the patch to gst-plugins-libpng.
Comment 5 Olivier Crete (RETIRED) gentoo-dev 2009-06-07 14:26:12 UTC
media-plugins/gst-plugins-libpng-0.10.14-r1 is now there and needs to be stabilized. Sorry for the fuck up..

Sparc will also need to do bug #266986 which I've set as a dep.
Comment 6 Tobias Klausmann (RETIRED) gentoo-dev 2009-06-07 16:25:55 UTC
Stable on alpha.
Comment 7 Christian Faulhammer (RETIRED) gentoo-dev 2009-06-08 20:19:22 UTC
x86 stable
Comment 8 Markus Meier gentoo-dev 2009-06-10 19:29:31 UTC
amd64 stable
Comment 9 Brent Baude (RETIRED) gentoo-dev 2009-06-16 19:52:12 UTC
ppc64 done
Comment 10 Brent Baude (RETIRED) gentoo-dev 2009-06-21 14:17:12 UTC
ppc done
Comment 11 Raúl Porcel (RETIRED) gentoo-dev 2009-07-01 16:54:30 UTC
sparc stable
Comment 12 Robert Buchholz (RETIRED) gentoo-dev 2009-07-12 17:48:08 UTC
GLSA 200907-11