CVE-2009-0586
7.3 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
84.5%
Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow.
References
cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9
lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff
openwall.com/lists/oss-security/2009/03/12/2
secunia.com/advisories/34335
secunia.com/advisories/34350
secunia.com/advisories/35777
security.gentoo.org/glsa/glsa-200907-11.xml
www.mandriva.com/security/advisories?name=MDVSA-2009:085
www.ocert.org/advisories/ocert-2008-015.html
www.securityfocus.com/archive/1/501712/100/0/threaded
www.securityfocus.com/bid/34100
www.ubuntu.com/usn/USN-735-1
exchange.xforce.ibmcloud.com/vulnerabilities/49274
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9694
Social References
More
Related
7.3 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
84.5%