Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-0397

Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins) 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample (aka stts) atom data in a malformed QuickTime media .mov file.

Related bugs and status

CVE-2009-0397 (Candidate) is related to these bugs:

Bug #325261: Gstreamer good plugins vulnerabilities

Summary				In	Importance	Status
	325261	Gstreamer good plugins vulnerabilities		gst-plugins-good0.10 (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2009012...
MISC: http://trapkit.de/advi...
CONFIRM: http://cgit.freedeskto...
CONFIRM: http://gstreamer.freed...
CONFIRM: https://bugzilla.redha...
BID: 33405
SECUNIA: 33650
MANDRIVA: MDVSA-2009:035
CONFIRM: http://support.avaya.c...
REDHAT: RHSA-2009:0270
REDHAT: RHSA-2009:0271
SUSE: SUSE-SR:2009:005
SECUNIA: 33815
SECUNIA: 33830
UBUNTU: USN-736-1
SECUNIA: 34336
GENTOO: GLSA-200907-11
SECUNIA: 35777
VUPEN: ADV-2009-0225
XF: gstreamer-qtdemuxparse...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20090122 [TKADV2009-00...