Computer Security
[EN] securityvulns.ru no-pyccku


glib library memory corruption
Published:15.03.2009
Source:
SecurityVulns ID:9743
Type:library
Threat Level:
7/10
Description:Memory corruption on base64 encoding/decoding.
Affected:LIBSOUP : libsoup 2.2
 GLIB : glib 2.11
 GLIB : glib 2.12
 GSTREAMER : gstreamer-plugins-base 0.10
CVE:CVE-2009-0587 (Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel.)
 CVE-2009-0586 (Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow.)
 CVE-2009-0585 (Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation.)
 CVE-2008-4316 (Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation.)
Original documentdocumentWill Drewry, [oCERT-2008-015] glib and glib-predecessor heap overflows (15.03.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod