A vulnerability has been discovered in GStreamer Good Plug-ins, which can be exploited by malicious people to potentially compromise an application using the library.
The vulnerability is caused due to an integer overflow error in ext/libpng/gstpngdec.c, which can be exploited to cause a heap-based buffer overflow via a specially crafted PNG file.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is confirmed in version 0.10.15. Other versions may also be affected.
Multiple integer overflows in the (1) user_info_callback, (2)
user_endrow_callback, and (3) gst_pngdec_task functions
(ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka
gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote
attackers to cause a denial of service and possibly execute arbitrary
code via a crafted PNG file, which triggers a buffer overflow.
Please stabilize gst-plugins-good 0.10.14-r1 which includes the patch.
Sorry guys, but this isn't working like that. The patch needs to be applied in gst-plugins-libpng, thanks to our wonderful gst layout. But it's nice to recompile gst-plugins-good for just the kicks :-)
Damn mid-air collisions, was just about to do mostly the same change. Adjusting summary.
Maintainers, please add the patch to gst-plugins-libpng.
media-plugins/gst-plugins-libpng-0.10.14-r1 is now there and needs to be stabilized. Sorry for the fuck-up.
Sparc will also need to do bug #266986 which I've set as a dep.
Stable on alpha.
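The integer overflow class described in the advisory text above, shown as an added example that is not code from gstpngdec.c or its patch: a 32-bit frame-size product that wraps, next to a checked computation that rejects the image. The function names, the `rowbytes * height` shape of the calculation, the `max_bytes` cap and the IHDR sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed 13-byte IHDR payloads (sample data, not taken from a real file). */
static const uint8_t SAMPLE_OK[13]   = {0,0,0x02,0x80, 0,0,0x01,0xE0, 8,6,0,0,0}; /* 640x480 RGBA8 */
static const uint8_t SAMPLE_HUGE[13] = {0,0,0x40,0x01, 0,0x01,0,0, 8,6,0,0,0};    /* 16385x65536 RGBA8 */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Channels per pixel for each PNG color type; 0 means an invalid type. */
static unsigned channels_for(uint8_t color_type) {
    switch (color_type) {
    case 0: case 3: return 1;   /* grayscale, palette index */
    case 4: return 2;           /* grayscale + alpha */
    case 2: return 3;           /* RGB */
    case 6: return 4;           /* RGBA */
    default: return 0;
    }
}

/* Unchecked pattern: the 32-bit product wraps modulo 2^32 without any error. */
uint32_t frame_size_unchecked(uint32_t rowbytes, uint32_t height) {
    return rowbytes * height;
}

/* Checked: returns 0 and stores the size in *out, or -1 if the header is rejected.
 * Simplified: bit depth is not validated per color type. */
int frame_size_checked(const uint8_t ihdr[13], uint32_t max_bytes, uint32_t *out) {
    uint32_t width = be32(ihdr), height = be32(ihdr + 4);
    uint8_t depth = ihdr[8];
    unsigned ch = channels_for(ihdr[9]);
    if (width == 0 || height == 0 || width > 0x7fffffffu || height > 0x7fffffffu) return -1;
    if (ch == 0 || (depth != 1 && depth != 2 && depth != 4 && depth != 8 && depth != 16)) return -1;
    uint64_t rowbytes = ((uint64_t)width * ch * depth + 7) / 8;   /* cannot overflow 64 bits */
    if (rowbytes > max_bytes / height) return -1;   /* i.e. rowbytes * height > max_bytes */
    *out = (uint32_t)(rowbytes * height);
    return 0;
}

int main(void) {
    uint32_t n = 0;
    printf("unchecked huge: %u bytes\n", (unsigned)frame_size_unchecked(0x10004u, 0x10000u));
    printf("checked huge:   rc=%d\n", frame_size_checked(SAMPLE_HUGE, 64u << 20, &n));
    printf("checked ok:     rc=%d\n", frame_size_checked(SAMPLE_OK, 64u << 20, &n));
    return 0;
}
```

The constructed 16385x65536 header needs about 4 GiB of pixel data, yet the unchecked product comes out as 262144 bytes, which is the mismatch between allocation size and rows written that turns the overflow into a heap write.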