Array Index Error in GStreamer Good Plug-ins Allows Denial of Service
CVE-2009-0387

Currently unrated

Key Information:

Vendor

Gstreamer

Status
Good Plug-ins
Plug-ins
Vendor
CVE Published:
2 February 2009

What is CVE-2009-0387?

The GStreamer Good Plug-ins contain an array index error in the qtdemux_parse_samples function that can be exploited by remote attackers. By crafting malicious Sync Sample atom data within a malformed QuickTime .mov file, attackers may trigger an application crash or potentially execute arbitrary code. This vulnerability emphasizes the importance of proper input validation in multimedia processing frameworks to prevent exploitation.

References

http://www.securityfocus.com/bid/33405
vdb-entryx_refsource_BID
http://www.securityfocus.com/archive/1/500317/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/34336
third-party-advisoryx_refsource_SECUNIA

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.