CVE-2009-0586

Summary

CVE	CVE-2009-0586
State	PUBLISHED
Assigner	redhat
Source Priority	CVE Program / NVD first with legacy fallback
Published	2009-03-14 18:30:00 UTC
Updated	2026-04-23 00:35:47 UTC
Description	Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow.

Risk And Classification

Primary CVSS: v2.0 7.5 from [email protected]

AV:N/AC:L/Au:N/C:P/I:P/A:P

Problem Types: CWE-190 | n/a

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Canonical	Ubuntu Linux	8.10	All	All	All
Application	Gstreamer	Gstreamer	All	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
Gentoo update for gst-plugins-good, gst-plugins-base, and gst-plugins-libpng - Secunia Advisories - Vulnerability Information - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Not Applicable
Repository / Oval Repository	af854a3a-2127-422b-91ae-364da2661108	oval.cisecurity.org	Third Party Advisory
Support / Security / Advisories / / MDVSA-2009:085 \| Mandriva	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com	Broken Link
ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff	af854a3a-2127-422b-91ae-364da2661108	ocert.org	Patch
USN-735-1: GStreamer Base Plugins vulnerability \| Ubuntu	af854a3a-2127-422b-91ae-364da2661108	www.ubuntu.com	Third Party Advisory
IBM X-Force Exchange	af854a3a-2127-422b-91ae-364da2661108	exchange.xforce.ibmcloud.com	Third Party Advisory, VDB Entry
SecurityFocus	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com	Third Party Advisory, VDB Entry
oCERT archive	af854a3a-2127-422b-91ae-364da2661108	www.ocert.org	Third Party Advisory
GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com	Patch, Third Party Advisory, VDB Entry
oss-security - [oCERT-2008-015] glib and glib-predecessor heap overflows	af854a3a-2127-422b-91ae-364da2661108	openwall.com	Mailing List, Patch, Third Party Advisory
Ubuntu update for gst-plugins-base0.10 - Secunia Advisories - Vulnerability Information - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Not Applicable
Gentoo Linux Documentation -- GStreamer plug-ins: User-assisted execution of arbitrary code	af854a3a-2127-422b-91ae-364da2661108	security.gentoo.org	Third Party Advisory
gstreamer/gst-plugins-base - 'Base' GStreamer plugins and helper libraries (mirrored from https://gitlab.freedesktop.org/gstreamer/gst-plugins-base)	af854a3a-2127-422b-91ae-364da2661108	cgit.freedesktop.org	Patch, Third Party Advisory
[security-announce] SUSE Security Summary Report: SUSE-SR:2009:009	af854a3a-2127-422b-91ae-364da2661108	lists.opensuse.org	Broken Link, Mailing List, Third Party Advisory
GStreamer "gst_vorbis_tag_add_coverart()" Integer Overflow Vulnerability - Secunia Advisories - Vulnerability Information - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Not Applicable
Red Hat Customer Portal	MITRE	access.redhat.com
access.redhat.com \| CVE-2009-0586	MITRE	access.redhat.com
488208 – (CVE-2009-0586) CVE-2009-0586 gstreamer-plugins-base: integer overflow in gst_vorbis_tag_add_coverart()	MITRE	bugzilla.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.