Published: 02/02/2009 Updated: 11/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 up to and including 0.10.11 might allow remote malicious users to execute arbitrary code via crafted Composition Time To Sample (ctts) atom data in a malformed QuickTime media .mov file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gstreamer good plug-ins 0.10.11
gstreamer good plug-ins 0.10.9
gstreamer good plug-ins 0.10.10

Synopsis Important: gstreamer-plugins-good security update Type/Severity Security Advisory: Important Topic Updated gstreamer-plugins-good packages that fix several security issuesare now available for Red Hat Enterprise Linux 5This update has been rated as having important security impact by the RedHat Se ...

Debian Bug report logs - #514177 gstreamer010-plugins-good: Several security issues: CVE-2009-0386 CVE-2009-0387 CVE-2009-0397 CVE-2009-0398 Package: gstreamer010-plugins-good; Maintainer for gstreamer010-plugins-good is Maintainers of GStreamer packages <pkg-gstreamer-maintainers@listsaliothdebianorg>; Source for gstreamer01 ...

It was discovered that GStreamer Good Plugins did not correctly handle malformed Composition Time To Sample (ctts) atom data in Quicktime (mov) movie files If a user were tricked into opening a crafted mov file, an attacker could execute arbitrary code with the privileges of the user invoking the program (CVE-2009-0386) ...

Several vulnerabilities have been found in gst-plugins-bad010, a collection of various GStreamer plugins The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0386 Tobias Klein discovered a buffer overflow in the quicktime stream demuxer (qtdemux), which could potentially lead to the execution of arbitr ...

CWE-119 http://trapkit.de/advisories/TKADV2009-003.txt http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html http://secunia.com/advisories/33650 http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53 http://www.securityfocus.com/bid/33405 http://www.openwall.com/lists/oss-security/2009/01/29/3 https://bugzilla.redhat.com/show_bug.cgi?id=481267 http://www.mandriva.com/security/advisories?name=MDVSA-2009:035 http://secunia.com/advisories/33815 http://www.redhat.com/support/errata/RHSA-2009-0271.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html http://www.ubuntu.com/usn/USN-736-1 http://secunia.com/advisories/34336 http://security.gentoo.org/glsa/glsa-200907-11.xml http://secunia.com/advisories/35777 http://www.vupen.com/english/advisories/2009/0225 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10306 http://www.securityfocus.com/archive/1/500317/100/0/threaded https://access.redhat.com/errata/RHSA-2009:0271 https://usn.ubuntu.com/736-1/https://nvd.nist.gov

CVE-2009-0386

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect