Heap-based Buffer Overflow in GStreamer Good Plug-ins Products by GStreamer
CVE-2009-0397

Currently unrated

Key Information:

Vendor

Gstreamer

Status
Good Plug-ins
Plug-ins
Vendor
CVE Published:
3 February 2009

What is CVE-2009-0397?

A vulnerability exists in the qtdemux_parse_samples function within GStreamer Good Plug-ins, versions 0.10.9 to 0.10.11, and GStreamer Plug-ins version 0.8.5. This flaw can be exploited by attackers through specially crafted Time-to-sample atom data in malformed QuickTime .mov files, potentially enabling them to execute arbitrary code remotely. Users of affected versions are urged to apply necessary patches to mitigate this risk.

References

http://www.securityfocus.com/bid/33405
vdb-entryx_refsource_BID
http://www.securityfocus.com/archive/1/500317/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/34336
third-party-advisoryx_refsource_SECUNIA

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.