Bug#532352: gstreamer0.10-plugins-good: CVE-2009-1932 integer overflows

Michael S. Gilbert michael.s.gilbert at gmail.com
Mon Jun 8 18:47:12 UTC 2009

Package: gstreamer0.10-plugins-good
Version:  0.10.8-4.1~lenny1 0.10.4-4
Severity: serious
Tags: security patch

the following CVE (Common Vulnerabilities & Exposures) id was
published for gstreamer0.10-plugins-good.

| Multiple integer overflows in the (1) user_info_callback, (2)
| user_endrow_callback, and (3) gst_pngdec_task functions
| (ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka
| gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote
| attackers to cause a denial of service and possibly execute arbitrary
| code via a crafted PNG file, which triggers a buffer overflow.

This bug has already been fixed in unstable(http://bugs.debian.org/531631).

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1932

More information about the Pkg-gstreamer-maintainers mailing list