Bug 224032 - CVE-2006-4192 Heap overflow in modplug gstreamer plugin
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: gstreamer-plugins
All Linux
low Severity low
Assigned To: Monty
: Security
Blocks: CVE-2006-4192
Reported: 2007-01-23 13:47 EST by Lubomir Kundrak
Modified: 2013-10-20 18:42 EDT
Doc Type: Bug Fix
Last Closed: 2007-02-01 09:24:59 EST

Attachments
Upstream patch for CVE-2006-4192 modplug heap overflow (1010 bytes, patch)
2007-01-23 13:47 EST, Lubomir Kundrak
Reproducer for CVE-2006-4192 modplug heap overflow (4.13 KB, text/x-csrc)
2007-01-23 13:50 EST, Lubomir Kundrak

External Trackers
Tracker ID Priority Status Summary Last Updated
GNOME Bugzilla 385788 None None None Never

Description Lubomir Kundrak 2007-01-23 13:47:25 EST
Description of problem:

gstreamer-plugins contains a copy of code that was affected by
CVE-2006-4192, potential heap overflow in

The original advisory is here:

Version-Release number of selected component (if applicable):


How reproducible:

Did not try to reproduce. The advisory contains the POC that should be
able to generate reproducers.

Additional info:

Upstream bug, with fix:

Debian bug:

Fixes for the original issue:
Comment 1 Lubomir Kundrak 2007-01-23 13:47:26 EST
Created attachment 146331 [details]
Upstream patch for CVE-2006-4192 modplug heap overflow
Comment 2 Lubomir Kundrak 2007-01-23 13:50:42 EST
Created attachment 146333 [details]
Reproducer for CVE-2006-4192 modplug heap overflow

This issue is the "Second Attack" mentioned in the POC code.
Comment 3 Bastien Nocera 2007-02-01 09:24:59 EST
From the patch:
+gst-plugins-bad0.10 (0.10.3-3.1) unstable; urgency=high

We don't ship the "-bad" plugins of GStreamer, nor do we intend to, so not a
problem there.
