Rapid7 Vulnerability & Exploit Database

RHSA-2009:0352: gstreamer-plugins-base security update


Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 03/14/2009
Created: 07/25/2018
Added: 09/12/2009
Modified: 07/04/2017

Description

GStreamer is a streaming media framework based on graphs of filters which operate on media data. GStreamer Base Plug-ins is a collection of well-maintained base plug-ins.

An integer overflow flaw which caused a heap-based buffer overflow was discovered in the Vorbis comment tags reader. An attacker could create a carefully-crafted Vorbis file that would cause an application using GStreamer to crash or, potentially, execute arbitrary code if opened by a victim. (CVE-2009-0586)

All users of gstreamer-plugins-base are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, all applications using GStreamer (such as Totem or Rhythmbox) must be restarted for the changes to take effect.

Solution(s)

  • redhat-upgrade-gstreamer-plugins-base
  • redhat-upgrade-gstreamer-plugins-base-devel
