Bug#531631: [SA35205] GStreamer Good Plug-ins PNG Processing Integer Overflow Vulnerability
giuseppe at iuculano.it
Tue Jun 2 20:31:47 UTC 2009
Tags: security patch
-----BEGIN PGP SIGNED MESSAGE-----
The following SA (Secunia Advisory) id was published for GStreamer Good Plug-ins:
A vulnerability has been discovered in GStreamer Good Plug-ins, which can be exploited by malicious people to potentially compromise an application using the library.
The vulnerability is caused due to an integer overflow error in ext/libpng/gstpngdec.c, which can be exploited to cause a heap-based buffer overflow via a specially crafted PNG file.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is confirmed in version 0.10.15. Other versions may also be affected.
If you fix the vulnerability please also make sure to include the CVE id
(if will be available) in the changelog entry.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Pkg-gstreamer-maintainers