Pardus: Gst-plugins-base: Integer Overflow
Posted by Benjamin D. Thomas
A vulnerability has been reported in GStreamer, which can potentially be exploited by malicious people to compromise an application using the library.

------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-45            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2009-04-01
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability has been reported in GStreamer, which can potentially be
exploited by malicious people to compromise an application using the
library.


Description
===========

The vulnerability is caused due to an integer overflow within the
"gst_vorbis_tag_add_coverart()" function in
gst-libs/gst/tag/gstvorbistag.c of the GStreamer Base Plugins when
processing "COVERART" tags. This can be exploited to cause a heap-based
buffer overflow by e.g. tricking an application using the library into
processing a malicious Ogg/Vorbis file containing a specially crafted
"COVERART" tag.
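To show the bug class the description names, here is an added illustration that is not GStreamer's code: the tag layout, HEADER_LEN and the function names are constructed for this example. It places an unchecked 32-bit size computation beside a checked version that validates the declared length before allocating and copying.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed layout for this example only: a tag value is modelled as a
 * 4-byte little-endian image length followed by the image bytes. The name
 * HEADER_LEN and this layout are hypothetical, not GStreamer's real format. */
#define HEADER_LEN 16u  /* bytes reserved in front of the image data */

/* Vulnerable pattern: the buffer size is computed in 32-bit arithmetic and
 * used as-is. A declared length near UINT32_MAX wraps to a small value, so
 * a tiny buffer is allocated and the later copy of image_len bytes runs
 * past the end of the heap allocation. */
static uint32_t coverart_alloc_len_unchecked(uint32_t image_len) {
    return image_len + HEADER_LEN;  /* unsigned wrap-around, no check */
}

/* Hardened pattern: reject a declared length that exceeds the bytes actually
 * present, and reject a total that would wrap. Returns 1 on success. */
static int coverart_alloc_len_checked(uint32_t image_len, size_t bytes_avail,
                                      size_t *out_len) {
    if (image_len > bytes_avail)             /* claims more than the tag holds */
        return 0;
    if (image_len > UINT32_MAX - HEADER_LEN) /* image_len + HEADER_LEN would wrap */
        return 0;
    *out_len = (size_t)image_len + HEADER_LEN;
    return 1;
}

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Copy the image into a fresh heap buffer of HEADER_LEN + image_len bytes.
 * Returns NULL, copying nothing, when the declared length is inconsistent. */
static uint8_t *coverart_parse(const uint8_t *value, size_t value_len) {
    if (value_len < 4)
        return NULL;
    uint32_t image_len = read_le32(value);
    size_t alloc_len;
    if (!coverart_alloc_len_checked(image_len, value_len - 4, &alloc_len))
        return NULL;
    uint8_t *buf = calloc(alloc_len, 1);
    if (buf != NULL)
        memcpy(buf + HEADER_LEN, value + 4, image_len); /* bounded by the checks */
    return buf;
}
```

With a constructed tag that declares 0xFFFFFFF8 image bytes, the unchecked computation yields 8, while the checked parser rejects the value outright.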


Affected packages:

  Pardus 2008:
    gst-plugins-base, all before 0.10.21-17-5


Resolution
==========

There are update(s) for gst-plugins-base. You can update them via
Package Manager or with a single command from console:

    pisi up gst-plugins-base

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=9391
  * http://www.ocert.org/advisories/ocert-2008-015.html
  * http://secunia.com/advisories/34335/