FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-0397

This CVE name corresponds to:

Entered Topic
2009-03-16 gstreamer-plugins-good -- multiple memory overflows

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2009-0397 at cve.mitre.org

Details

Type Candidate
Name CVE-2009-0397
Phase Assigned(20090202)

Description

Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins) 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample (aka stts) atom data in a malformed QuickTime media .mov file.

References

Source Reference
BUGTRAQ 20090122 [TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities
MLIST [oss-security] 20090129 CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version)
MISC http://trapkit.de/advisories/TKADV2009-003.txt
CONFIRM http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53
CONFIRM http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=481267
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-052.htm
GENTOO GLSA-200907-11
MANDRIVA MDVSA-2009:035
REDHAT RHSA-2009:0270
REDHAT RHSA-2009:0271
SUSE SUSE-SR:2009:005
UBUNTU USN-736-1
BID 33405
OVAL oval:org.mitre.oval:def:9942
SECUNIA 33815
SECUNIA 33830
SECUNIA 34336
SECUNIA 35777
VUPEN ADV-2009-0225
SECUNIA 33650
XF gstreamer-qtdemuxparse-bo(48555)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.