LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

gst-plugins-base: arbitrary code execution

Package(s):gst-plugins-base0.10 CVE #(s):CVE-2009-0586
Created:March 17, 2009 Updated:July 13, 2009
Description: From the Ubuntu advisory: It was discovered that the Base64 decoding functions in GStreamer Base Plugins did not properly handle large images in Vorbis file tags. If a user were tricked into opening a specially crafted Vorbis file, an attacker could possibly execute arbitrary code with user privileges.
Alerts:
Gentoo 200907-11 2009-07-12
SuSE SUSE-SR:2009:009 2009-04-21
CentOS CESA-2009:0352 2009-04-08
Red Hat RHSA-2009:0352-01 2009-04-06
Mandriva MDVSA-2009:085 2009-04-02
Ubuntu USN-735-1 2009-03-16
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds