Candidate: CVE-2009-0586
PublicDate: 2009-03-14 18:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0586
 https://ubuntu.com/security/notices/USN-735-1
Description:
 Integer overflow in the gst_vorbis_tag_add_coverart function
 (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka
 gstreamer-plugins-base) before 0.10.23 in GStreamer allows
 context-dependent attackers to execute arbitrary code via a crafted
 COVERART tag that is converted from a base64 representation, which triggers
 a heap-based buffer overflow.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_gst-plugins-base0.10:
 other: http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff
upstream_gst-plugins-base0.10: needs-triage
dapper_gst-plugins-base0.10: not-affected (code not present)
gutsy_gst-plugins-base0.10: not-affected (code not present)
hardy_gst-plugins-base0.10: not-affected (code not present)
intrepid_gst-plugins-base0.10: released (0.10.21-3ubuntu0.1)
devel_gst-plugins-base0.10: not-affected (0.10.22-4)