Unrated severityNVD Advisory· Published Mar 14, 2009· Updated Apr 23, 2026
CVE-2009-0586
CVE-2009-0586
Description
Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow.
Affected products
2- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
15- cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/nvdPatchThird Party Advisory
- ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diffnvdPatch
- openwall.com/lists/oss-security/2009/03/12/2nvdMailing ListPatchThird Party Advisory
- www.securityfocus.com/bid/34100nvdPatchThird Party AdvisoryVDB Entry
- lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.htmlnvdBroken LinkMailing ListThird Party Advisory
- security.gentoo.org/glsa/glsa-200907-11.xmlnvdThird Party Advisory
- www.ocert.org/advisories/ocert-2008-015.htmlnvdThird Party Advisory
- www.securityfocus.com/archive/1/501712/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-735-1nvdThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/49274nvdThird Party AdvisoryVDB Entry
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9694nvdThird Party Advisory
- secunia.com/advisories/34335nvdNot Applicable
- secunia.com/advisories/34350nvdNot Applicable
- secunia.com/advisories/35777nvdNot Applicable
- www.mandriva.com/security/advisoriesnvdBroken Link
News mentions
0No linked articles in our index yet.