Ubuntu
gst-plugins-good0.10 package

Gstreamer good plugins vulnerabilities

Bug #325261 reported by Till Ulen
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gst-plugins-good0.10 (Ubuntu)
Fix Released
High
Marc Deslauriers
Nominated for Hardy by Till Ulen

Bug Description

Binary package hint: gstreamer0.10-plugins-good

CVE-2009-0386

"Heap-based buffer overflow in the qtdemux_parse_samples function in
gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka
gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers
to execute arbitrary code via crafted Composition Time To Sample
(ctts) atom data in a malformed QuickTime media .mov file."

CVE-2009-0387

"Array index error in the qtdemux_parse_samples function in
gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka
gst-plugins-good) 0.10.9 through 0.10.11 allows remote attackers to
cause a denial of service (application crash) and possibly execute
arbitrary code via crafted Sync Sample (aka stss) atom data in a
malformed QuickTime media .mov file, related to "mark keyframes." "

CVE-2009-0397

"Heap-based buffer overflow in the qtdemux_parse_samples function in
gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka
gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka
gstreamer-plugins) 0.8.5, might allow remote attackers to execute
arbitrary code via crafted Time-to-sample (aka stts) atom data in a
malformed QuickTime media .mov file."

CVE-2009-0398

"Array index error in the gst_qtp_trak_handler function in
gst/qtdemux/qtdemux.c in GStreamer Plug-ins (aka gstreamer-plugins)
0.6.0 allows remote attackers to have an unknown impact via a crafted
QuickTime media file."

Source: http://www.openwall.com/lists/oss-security/2009/02/03/2

NVD entries:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0386
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0387
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0397
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0398

Revision history for this message
Till Ulen (tillulen) wrote :

Adding CVE references: CVE-2009-0386, CVE-2009-0387, CVE-2009-0397, CVE-2009-0398

Marc Deslauriers (mdeslaur)
Changed in gst-plugins-good0.10:
status: New → Confirmed
Pedro Villavicencio (pedro)
Changed in gst-plugins-good0.10:
assignee: nobody → desktop-bugs
importance: Undecided → High
Revision history for this message
Sebastien Bacher (seb128) wrote :

those issues should be fixed in the jaunty version, can you confirm that?

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

jaunty is not affected. I'm working on updates for the other releases.

Changed in gst-plugins-good0.10:
assignee: desktop-bugs → mdeslaur
status: Confirmed → In Progress
Revision history for this message
Sebastien Bacher (seb128) wrote :

closing the bug since it's fixed in jaunty you can nominate it for other versions which need an upload

Changed in gst-plugins-good0.10:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.