|
Message-ID: <Pine.GSO.4.51.0906061224370.28142@faron.mitre.org> Date: Sat, 6 Jun 2009 12:25:31 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security <oss-security@...ts.openwall.com> cc: coley@...re.org Subject: Re: CVE Request (gstreamer-plugins-good) The patch link seems to be working again. ====================================================== Name: CVE-2009-1932 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1932 Reference: CONFIRM:http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=d9544bcc44adcef769cbdf7f6453e140058a3adc Reference: BID:35172 Reference: URL:http://www.securityfocus.com/bid/35172 Reference: OSVDB:54827 Reference: URL:http://osvdb.org/54827 Multiple integer overflows in the (1) user_info_callback, (2) user_endrow_callback, and (3) gst_pngdec_task functions (ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PNG file, which triggers a buffer overflow.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.