Description of problem: gstreamer-plugins contains a copy of code that was affected by CVE-2006-4192, potential heap overflow in gst/modplug/libmodplug/sndfile.cpp:ReadSample(). The original advisory is here: http://aluigi.altervista.org/adv/mptho-adv.txt Version-Release number of selected component (if applicable): RHEL-3, RHEL-4 How reproducible: Did not try to reproduce. The advisory contains the POC that should be able to generate reproducers. Additional info: Upstream bug, with fix: http://bugzilla.gnome.org/show_bug.cgi?id=385788 Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407956 Fixes for the original issue: http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-libs/libmodplug/files/libmodplug-0.8-CVE-2006-4192.patch?view=markup http://modplug.svn.sourceforge.net/viewvc/modplug/trunk/OpenMPT/soundlib/Sndfile.cpp?r1=156&r2=163 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=383574
Created attachment 146331 [details] Upstream patch for CVE-2006-4192 modplug heap overflow
Created attachment 146333 [details] Reproducer for CVE-2006-4192 modplug heap overflow This issue is the "Second Attack" mentioned in the POC code.
From the patch: +gst-plugins-bad0.10 (0.10.3-3.1) unstable; urgency=high We don't ship the "-bad" plugins of GStreamer, nor do we intend to, so not a problem there.