CVE-2009-1932

NameCVE-2009-1932
DescriptionMultiple integer overflows in the (1) user_info_callback, (2) user_endrow_callback, and (3) gst_pngdec_task functions (ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PNG file, which triggers a buffer overflow.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1839-1
NVD severitymedium (attack range: remote)
Debian Bugs531631, 532352

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gst-plugins-good0.10 (PTS)wheezy0.10.31-3+nmu1fixed
wheezy (security)0.10.31-3+nmu1+deb7u2fixed
jessie (security), jessie0.10.31-3+nmu4+deb8u2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gst-plugins-good0.10source(unstable)0.10.15-2medium531631, 532352
gst-plugins-good0.10sourceetch0.10.4-4+etch1mediumDSA-1839-1
gst-plugins-good0.10sourcelenny0.10.8-4.1~lenny2mediumDSA-1839-1

Search for package or bug name: Reporting problems