PT-2009-3229 · Gstreamer+1 · Gst-Plugins-Base+1

Tomas Hoger · Published 2009-03-14 · Updated 2023-02-13 · CVE-2009-0586

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

gst-plugins-base versions prior to 0.10.23

Description

An integer overflow in the gst_vorbis_tag_add_coverart function can lead to a heap-based buffer overflow. It occurs when a crafted COVERART tag, which is converted from a base64 representation, is processed. Context-dependent attackers can exploit the overflow to execute arbitrary code.

Recommendations

For versions prior to 0.10.23, update to version 0.10.23 or later to resolve the issue. As a temporary workaround, consider restricting the processing of COVERART tags from untrusted sources until the update is applied.

Fix

Integer Overflow


Weakness Enumeration

Related Identifiers

CVE-2009-0586
RHSA-2009:0352
RHSA-2009_0352

Affected Products

Red Hat
Gst-Plugins-Base