VDB

CVE-2009-0586

CVE-2009-0586 PUBLISHED CVSS 7.5 HIGH

Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow.

EPSS 2.14% · 84.6th percentile

Risk Scores

CVSS 2.0
7.5
EPSS Score
2.14%
84.6th percentile

Affected Products

VendorProductVersions
gstreamergstreamer0
n/an/an/a
canonicalubuntu_linux8.10

Timeline

  • Mar 14, 2009 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 3, 2023 EPSS Score
  • Feb 9, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 3, 2023 EPSS Score
  • Jul 17, 2023 EPSS Score
  • Sep 8, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›