CVE-2009-0586

Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9	Patch Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html	Broken Link Mailing List Third Party Advisory
http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff	Patch
http://openwall.com/lists/oss-security/2009/03/12/2	Mailing List Patch Third Party Advisory
http://secunia.com/advisories/34335	Not Applicable
http://secunia.com/advisories/34350	Not Applicable
http://secunia.com/advisories/35777	Not Applicable
http://security.gentoo.org/glsa/glsa-200907-11.xml	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:085	Broken Link
http://www.ocert.org/advisories/ocert-2008-015.html	Third Party Advisory
http://www.securityfocus.com/archive/1/501712/100/0/threaded	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/34100	Patch Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-735-1	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/49274	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9694	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-03-14 18:30

Updated : 2023-02-13 02:19

NVD link : CVE-2009-0586

Mitre link : CVE-2009-0586

CVE.ORG link : CVE-2009-0586

JSON object : View

Products Affected

canonical

ubuntu_linux

gstreamer_project

gstreamer

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2009-0586", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-03-14T18:30:00.500", "references": [{"url": "http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html", "tags": ["Broken Link", "Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://openwall.com/lists/oss-security/2009/03/12/2", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/34335", "tags": ["Not Applicable"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/34350", "tags": ["Not Applicable"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/35777", "tags": ["Not Applicable"], "source": "secalert@redhat.com"}, {"url": "http://security.gentoo.org/glsa/glsa-200907-11.xml", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:085", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.ocert.org/advisories/ocert-2008-015.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/501712/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/34100", "tags": ["Patch", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-735-1", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49274", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9694", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow."}, {"lang": "es", "value": "Un desbordamiento de enteros en la funci\u00f3n gst_vorbis_tag_add_coverart (archivo gst-libs/gst/tag/gstvorbistag.c) en vorbistag en gst-plugins-base (se conoce como gstreamer-plugins-base) anterior a versi\u00f3n 0.10.23 en GStreamer, permite a los atacantes dependiendo del contexto ejecutar c\u00f3digo arbitrario por medio de una etiqueta COVERART dise\u00f1ada que es convertida desde una representaci\u00f3n base64, lo que desencadena un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria."}], "lastModified": "2023-02-13T02:19:40.590", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E210088-EDDF-414A-80D6-3F59E90C85BC", "versionEndExcluding": "0.10.23"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}