PT-2009-6715 · Gstreamer+1 · Gstreamer Good Plug-Ins+1

Tielei Wang · Published 1970-01-01 · Updated 2017-09-29 · CVE-2009-1932

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

GStreamer Good Plug-ins version 0.10.15

Description

The issue is caused by multiple integer overflows in the user_info_callback, user_endrow_callback, and gst_pngdec_task functions. A remote attacker can use a crafted PNG file to trigger a buffer overflow, leading to a denial of service and possibly arbitrary code execution. The vulnerability can be exploited remotely, potentially disrupting the confidentiality, integrity, and availability of protected information.

Recommendations

For GStreamer Good Plug-ins version 0.10.15, consider updating to a newer version to mitigate the risk, as the current version contains multiple integer overflows that can be exploited. As a temporary workaround, consider restricting the use of the gst_pngdec_task, user_info_callback, and user_endrow_callback functions until a patch is available. Avoid opening crafted PNG files that can trigger the buffer overflow.

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2015-03393
BDU:2015-03394
BDU:2015-03395
BDU:2015-03396
CVE-2009-1932
DSA-1839-1
RHSA-2009:1123
RHSA-2009_1123

Affected Products

Gstreamer Good Plug-Ins
Red Hat