Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-0387

Array index error in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted Sync Sample (aka stss) atom data in a malformed QuickTime media .mov file, related to "mark keyframes."

Related bugs and status

CVE-2009-0387 (Candidate) is related to these bugs:

Bug #325261: Gstreamer good plugins vulnerabilities

Summary				In	Importance	Status
	325261	Gstreamer good plugins vulnerabilities		gst-plugins-good0.10 (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2009012...
MISC: http://trapkit.de/advi...
CONFIRM: http://cgit.freedeskto...
CONFIRM: http://gstreamer.freed...
CONFIRM: https://bugzilla.redha...
BID: 33405
SECUNIA: 33650
MANDRIVA: MDVSA-2009:035
REDHAT: RHSA-2009:0271
SUSE: SUSE-SR:2009:005
SECUNIA: 33815
UBUNTU: USN-736-1
SECUNIA: 34336
GENTOO: GLSA-200907-11
SECUNIA: 35777
VUPEN: ADV-2009-0225
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20090122 [TKADV2009-00...