Bug 272972 (CVE-2009-1932) - <=media-plugins/gst-plugins-libpng-0.10.14: Multiple integer overflows (CVE-2009-1932)
Summary: <=media-plugins/gst-plugins-libpng-0.10.14: Multiple integer overflows (CVE-2...
Alias: CVE-2009-1932
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Depends on: 266986
Reported: 2009-06-06 20:41 UTC by Alex Legler (RETIRED)
Modified: 2009-07-12 17:48 UTC
Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-06-06 20:41:25 UTC
From Secunia:

A vulnerability has been discovered in GStreamer Good Plug-ins, which can be exploited by malicious people to potentially compromise an application using the library.

The vulnerability is caused due to an integer overflow error in ext/libpng/gstpngdec.c, which can be exploited to cause a heap-based buffer overflow via a specially crafted PNG file.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 0.10.15. Other versions may also be affected.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-06-06 20:42:24 UTC
Name: CVE-2009-1932
Status: Candidate

Multiple integer overflows in the (1) user_info_callback, (2)
user_endrow_callback, and (3) gst_pngdec_task functions
(ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka
gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote
attackers to cause a denial of service and possibly execute arbitrary
code via a crafted PNG file, which triggers a buffer overflow.
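
An added illustration of the bug class described in the advisory and CVE text above (not code from gstpngdec.c or from the patch referenced in this bug): a buffer size computed from header-declared image dimensions wraps in 32-bit arithmetic, and a checked form rejects it before allocation. The function names, the `rowbytes * height` expression and the size cap are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Unchecked form: 32-bit product of two values taken from the file header.
 * Unsigned arithmetic wraps modulo 2^32, so the result can be far smaller
 * than the amount of data the decoder will later write into the buffer. */
static uint32_t frame_size_unchecked(uint32_t rowbytes, uint32_t height)
{
    return rowbytes * height;
}

#define MAX_FRAME_BYTES (256u * 1024u * 1024u)  /* hypothetical policy cap */

/* Checked form: returns 0 and stores the size on success; returns -1 if a
 * dimension is zero, the product would wrap, or the size exceeds the cap. */
static int frame_size_checked(uint32_t rowbytes, uint32_t height, uint32_t *out)
{
    if (rowbytes == 0 || height == 0)
        return -1;
    if (height > UINT32_MAX / rowbytes)   /* product does not fit in 32 bits */
        return -1;
    uint32_t size = rowbytes * height;
    if (size > MAX_FRAME_BYTES)
        return -1;
    *out = size;
    return 0;
}

int main(void)
{
    /* Constructed header values, not taken from any real file. */
    uint32_t rowbytes = 0x10004u, height = 0x10000u, size = 0;

    printf("unchecked size: %u bytes\n",
           frame_size_unchecked(rowbytes, height));
    printf("checked: %s\n",
           frame_size_checked(rowbytes, height, &size) ? "rejected" : "accepted");
    return 0;
}
```

With the constructed values the true size is about 4 GiB, while the unchecked product comes out as 256 KiB, which is the mismatch that turns an integer overflow into a heap-based buffer overflow.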
Comment 2 Olivier Crete (RETIRED) gentoo-dev 2009-06-06 21:18:53 UTC
Please stabilize gst-plugins-good 0.10.14-r1 which includes the patch.
Comment 3 Samuli Suominen (RETIRED) gentoo-dev 2009-06-07 08:16:43 UTC
Sorry guys, but this isn't working like that. The patch needs to be applied in gst-plugins-libpng, thanks to our wonderful gst layout. But it's nice to recompile gst-plugins-good for just the kicks :-)
Comment 4 Christian Hoffmann (RETIRED) gentoo-dev 2009-06-07 08:36:03 UTC
Damn mid-air collisions, was just about to do mostly the same change. Adjusting summary.

Maintainers, please add the patch to gst-plugins-libpng.
Comment 5 Olivier Crete (RETIRED) gentoo-dev 2009-06-07 14:26:12 UTC
media-plugins/gst-plugins-libpng-0.10.14-r1 is now there and needs to be stabilized. Sorry for the fuck up..

Sparc will also need to do bug #266986 which I've set as a dep.
Comment 6 Tobias Klausmann (RETIRED) gentoo-dev 2009-06-07 16:25:55 UTC
Stable on alpha.
Comment 7 Christian Faulhammer (RETIRED) gentoo-dev 2009-06-08 20:19:22 UTC
x86 stable
Comment 8 Markus Meier gentoo-dev 2009-06-10 19:29:31 UTC
amd64 stable
Comment 9 Brent Baude (RETIRED) gentoo-dev 2009-06-16 19:52:12 UTC
ppc64 done
Comment 10 Brent Baude (RETIRED) gentoo-dev 2009-06-21 14:17:12 UTC
ppc done
Comment 11 Raúl Porcel (RETIRED) gentoo-dev 2009-07-01 16:54:30 UTC
sparc stable
Comment 12 Robert Buchholz (RETIRED) gentoo-dev 2009-07-12 17:48:08 UTC
GLSA 200907-11