Heap-based Buffer Overflow in GStreamer Good Plug-ins Allowing Remote Code Execution
CVE-2009-0386

Currently unrated

Key Information:

Vendor: GStreamer

CVE Published: 2 February 2009

What is CVE-2009-0386?

A heap-based buffer overflow vulnerability exists in the qtdemux_parse_samples function within the GStreamer Good Plug-ins package, which may allow attackers to execute arbitrary code. This can occur when processing specially crafted .mov files that contain malformed Composition Time To Sample (ctts) atom data. Exploitation of this vulnerability may permit a remote attacker to gain control over the affected system.

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
