An integer overflow flaw was discovered in the gst_vorbis_tag_add_coverart(). Large COVERART comment tag value can cause memory requirements computation to overflow, resulting in an insufficient memory to be allocated and the allocated buffer overflow when comment tag value is base64-decoded: gst_vorbis_tag_add_coverart() in gst-libs/gst/tag/gstvorbistag.c: 319 320 img_data = g_try_malloc0 (base64_len * 3 / 4); 321
Note: This problem did not exist in version of gstreamer-plugins-base as shipped in Red Hat Enterprise Linux 5 prior to 5.3. It was only introduced in the gstreamer-plugins-base rebase in 5.3.
Created attachment 333999 [details] Upstream patch
Public now via upstream git commit: http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2009:0352 https://rhn.redhat.com/errata/RHSA-2009-0352.html