Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2009-0386
Last Modified 07 Mar 2011 10:18:25
Published 02 Feb 2009 02:30:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0386

Summary

Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers to execute arbitrary code via crafted Composition Time To Sample (ctts) atom data in a malformed QuickTime media .mov file.

Vulnerable Systems

Application

  • GStreamer Good Plug-ins 0.10.10
  • GStreamer Good Plug-ins 0.10.11
  • GStreamer Good Plug-ins 0.10.9


References

BID - 33405

CONFIRM - http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=481267

VUPEN - ADV-2009-0225

UBUNTU - USN-736-1

BUGTRAQ - 20090122 [TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities

REDHAT - RHSA-2009:0271

MLIST - [oss-security] 20090129 CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version)

MANDRIVA - MDVSA-2009:035

MISC - http://trapkit.de/advisories/TKADV2009-003.txt

GENTOO - GLSA-200907-11

SECUNIA - 35777

SECUNIA - 34336

SECUNIA - 33815

SECUNIA - 33650

SUSE - SUSE-SR:2009:005

CONFIRM - http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53


Last Updated: 27 May 2016 10:50:14