Home > Vulnerability Database > CVE-2009-0586

Mend.io Vulnerability Database

CVE-2009-0586

Good to know:

Date: March 14, 2009

Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow.

Language: C

Severity Score

7.3

Related Resources (18)

Url: http://secunia.com/advisories/34335

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2009:085

Url: http://secunia.com/advisories/35777

Url: https://nvd.nist.gov/vuln/detail/CVE-2009-0586

Url: http://secunia.com/advisories/34350

Url: http://www.securityfocus.com/archive/1/501712/100/0/threaded

Url: http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff

Url: http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9694

Url: http://www.ubuntu.com/usn/USN-735-1

Url: http://openwall.com/lists/oss-security/2009/03/12/2

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/49274

Url: http://www.securityfocus.com/bid/34100

Url: http://security.gentoo.org/glsa/glsa-200907-11.xml

Url: http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9

Url: http://www.ocert.org/advisories/ocert-2008-015.html

Url: https://access.redhat.com/security/cve/CVE-2009-0586

Url: https://www.mend.io/vulnerability-database/CVE-2009-0586

Severity Score

7.3

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

Numeric Errors

CWE-189

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2009-0586

Good to know:

Date: March 14, 2009

Language: C

Severity Score

Related Resources (18)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?