Bug 488208 (CVE-2009-0586) - CVE-2009-0586 gstreamer-plugins-base: integer overflow in gst_vorbis_tag_add_coverart()
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2009-0586
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 488210 488212 833906
Blocks:
Reported: 2009-03-03 08:12 UTC by Tomas Hoger
Modified: 2019-09-29 12:28 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-12-07 17:48:58 UTC
Embargoed:


Attachments
Upstream patch (2.45 KB, patch)
2009-03-04 13:14 UTC, Tomas Hoger


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2009:0352 0 normal SHIPPED_LIVE Moderate: gstreamer-plugins-base security update 2009-04-06 16:31:55 UTC

Description Tomas Hoger 2009-03-03 08:12:46 UTC
An integer overflow flaw was discovered in gst_vorbis_tag_add_coverart().  A large COVERART comment tag value can cause the memory requirements computation to overflow, resulting in insufficient memory being allocated and an overflow of the allocated buffer when the comment tag value is base64-decoded:

gst_vorbis_tag_add_coverart() in gst-libs/gst/tag/gstvorbistag.c:

  img_data = g_try_malloc0 (base64_len * 3 / 4);
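
The size computation described above, as an added example that is not part of the original report or the upstream patch. It assumes the length is a 32-bit value (the report does not state its type) and models the wrap with unsigned arithmetic; `decoded_size_checked` and `MAX_COVERART_B64_LEN` are hypothetical names.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical policy limit for an embedded image; not a GStreamer constant. */
#define MAX_COVERART_B64_LEN (64u * 1024u * 1024u)

/* The expression from the report, modelled with 32-bit unsigned arithmetic
 * (assumed width) so that the wrap-around is well defined in C. */
static uint32_t decoded_size_unchecked(uint32_t base64_len)
{
    return base64_len * 3 / 4;  /* product wraps once base64_len > UINT32_MAX / 3 */
}

/* Checked variant: bound the untrusted length first, then do the
 * arithmetic in a type wide enough that the product cannot wrap. */
static bool decoded_size_checked(uint32_t base64_len, size_t *out)
{
    if (base64_len == 0 || base64_len > MAX_COVERART_B64_LEN)
        return false;
    /* With the cap above the result is at most 48 MiB and fits in size_t. */
    *out = (size_t)((uint64_t)base64_len * 3 / 4);
    return true;
}

int main(void)
{
    /* Constructed lengths: ordinary, last value before the wrap, two past it. */
    const uint32_t samples[] = { 4096u, UINT32_MAX / 3,
                                 UINT32_MAX / 3 + 1, 0x55555558u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t need = 0;
        bool ok = decoded_size_checked(samples[i], &need);
        printf("len=%10u  unchecked=%10u  true=%10llu  checked=%s\n",
               (unsigned)samples[i],
               (unsigned)decoded_size_unchecked(samples[i]),
               (unsigned long long)((uint64_t)samples[i] * 3 / 4),
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```

The "unchecked" column is the size that would be requested from the allocator, and the "true" column is what the decoder actually needs to write.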

Comment 2 Tomas Hoger 2009-03-03 08:18:28 UTC
Note: This problem did not exist in the version of gstreamer-plugins-base as shipped in Red Hat Enterprise Linux 5 prior to 5.3.  It was only introduced in the gstreamer-plugins-base rebase in 5.3.

Comment 5 Tomas Hoger 2009-03-04 13:14:28 UTC
Created attachment 333999
Upstream patch

Comment 7 errata-xmlrpc 2009-04-06 16:31:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:0352 https://rhn.redhat.com/errata/RHSA-2009-0352.html

