Mandriva Linux Security Advisory : gstreamer0.10-plugins-good (MDVSA-2009:130-1)

Medium Nessus Plugin ID 39322


The remote Mandriva Linux host is missing one or more security updates.


Multiple integer overflows in the (1) user_info_callback, (2) user_endrow_callback, and (3) gst_pngdec_task functions (ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PNG file, which triggers a buffer overflow (CVE-2009-1932).

Update :

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers


Update the affected packages.

Plugin Details

Severity: Medium

ID: 39322

File Name: mandriva_MDVSA-2009-130.nasl

Version: $Revision: 1.12 $

Type: local

Published: 2009/06/08

Modified: 2013/06/01

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:gstreamer0.10-aalib, p-cpe:/a:mandriva:linux:gstreamer0.10-caca, p-cpe:/a:mandriva:linux:gstreamer0.10-dv, p-cpe:/a:mandriva:linux:gstreamer0.10-esound, p-cpe:/a:mandriva:linux:gstreamer0.10-flac, p-cpe:/a:mandriva:linux:gstreamer0.10-plugins-good, p-cpe:/a:mandriva:linux:gstreamer0.10-raw1394, p-cpe:/a:mandriva:linux:gstreamer0.10-speex, p-cpe:/a:mandriva:linux:gstreamer0.10-wavpack, cpe:/o:mandriva:linux:2008.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2009/12/03

Reference Information

CVE: CVE-2009-1932

MDVSA: 2009:130-1

CWE: 189