thr3ads.net - Secure testing team - [Secure-testing-team] Bug#531631: [SA35205] GStreamer Good Plug-ins PNG Processing Integer Overflow Vulnerability [Jun 2009]

If this information is useful, please help other people find it:
Share via:

Giuseppe Iuculano

2009-Jun-02 20:31 UTC

[Secure-testing-team] Bug#531631: [SA35205] GStreamer Good Plug-ins PNG Processing Integer Overflow Vulnerability

Package: gst-plugins-good0.10
Severity: serious
Tags: security patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

The following SA (Secunia Advisory) id was published for GStreamer Good
Plug-ins:

SA35205[0]:

Description:
A vulnerability has been discovered in GStreamer Good Plug-ins, which can be
exploited by malicious people to potentially compromise an application using the
library.

The vulnerability is caused due to an integer overflow error in
ext/libpng/gstpngdec.c, which can be exploited to cause a heap-based buffer
overflow via a specially crafted PNG file.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 0.10.15. Other versions may also be
affected.




If you fix the vulnerability please also make sure to include the CVE id
(if will be available) in the changelog entry.

[0]http://secunia.com/advisories/35205/

Patch:
http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=d9544bcc44adcef769cbdf7f6453e140058a3adc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkoljC4ACgkQNxpp46476apAbACfQCKt2JpnLvwauaxT9UkJB4qU
npIAnRJe+IBqfdXFhp9DgQNkLpcNFYeE
=F5iP
-----END PGP SIGNATURE-----

Secure testing team - Jun 2009 - Bug#531631: [SA35205] GStreamer Good Plug-ins PNG Processing Integer Overflow Vulnerability

[Secure-testing-team] Bug#531631: [SA35205] GStreamer Good Plug-ins PNG Processing Integer Overflow Vulnerability