FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-0387

This CVE name corresponds to:

Entered: 2009-03-16
Topic: gstreamer-plugins-good -- multiple memory overflows

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2009-0387
Phase: Assigned (20090202)

Description

Array index error in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted Sync Sample (aka stss) atom data in a malformed QuickTime media .mov file, related to "mark keyframes."

References

Source Reference
BUGTRAQ 20090122 [TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities
MLIST [oss-security] 20090129 CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version)
MISC http://trapkit.de/advisories/TKADV2009-003.txt
CONFIRM http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53
CONFIRM http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=481267
GENTOO GLSA-200907-11
MANDRIVA MDVSA-2009:035
REDHAT RHSA-2009:0271
SUSE SUSE-SR:2009:005
UBUNTU USN-736-1
BID 33405
OVAL oval:org.mitre.oval:def:10611
SECUNIA 33815
SECUNIA 34336
SECUNIA 35777
VUPEN ADV-2009-0225
SECUNIA 33650