Bug#532352: gstreamer0.10-plugins-good: CVE-2009-1932 integer overflows

Michael S. Gilbert michael.s.gilbert at gmail.com
Mon Jun 8 18:47:12 UTC 2009


Package: gstreamer0.10-plugins-good
Version:  0.10.8-4.1~lenny1 0.10.4-4
Severity: serious
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for gstreamer0.10-plugins-good.

CVE-2009-1932[0]:
| Multiple integer overflows in the (1) user_info_callback, (2)
| user_endrow_callback, and (3) gst_pngdec_task functions
| (ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka
| gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote
| attackers to cause a denial of service and possibly execute arbitrary
| code via a crafted PNG file, which triggers a buffer overflow.

This bug has already been fixed in unstable (http://bugs.debian.org/531631).

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1932
    http://security-tracker.debian.net/tracker/CVE-2009-1932




