*** This bug is a security vulnerability *** Public security bug reported:
Binary package hint: gstreamer0.10-plugins-good CVE-2009-0386 "Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers to execute arbitrary code via crafted Composition Time To Sample (ctts) atom data in a malformed QuickTime media .mov file." CVE-2009-0387 "Array index error in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted Sync Sample (aka stss) atom data in a malformed QuickTime media .mov file, related to "mark keyframes." " CVE-2009-0397 "Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins) 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample (aka stts) atom data in a malformed QuickTime media .mov file." CVE-2009-0398 "Array index error in the gst_qtp_trak_handler function in gst/qtdemux/qtdemux.c in GStreamer Plug-ins (aka gstreamer-plugins) 0.6.0 allows remote attackers to have an unknown impact via a crafted QuickTime media file." Source: http://www.openwall.com/lists/oss-security/2009/02/03/2 NVD entries: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0386 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0387 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0397 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0398 ** Affects: gst-plugins-good0.10 (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-0386 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-0387 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-0397 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-0398 -- Gstreamer good plugins vulnerabilities https://bugs.launchpad.net/bugs/325261 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
