Bug#514177: gstreamer0.10-plugins-good: Several security issues: CVE-2009-0386 CVE-2009-0387 CVE-2009-0397 CVE-2009-0398

Sebastian Dröge slomo at circular-chaos.org
Thu Feb 5 09:11:28 UTC 2009


On Wednesday, 04.02.2009, at 17:43 -0500, Steffen Joeris wrote:
> Package: gstreamer0.10-plugins-good
> Version: 0.10.8-4.1
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) ids were
> published for gst-plugins-good0.10.
> 
> CVE-2009-0386[0]:
> | Heap-based buffer overflow in the qtdemux_parse_samples function in
> | gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka
> | gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers
> | to execute arbitrary code via crafted Composition Time To Sample
> | (ctts) atom data in a malformed QuickTime media .mov file.
> 
> CVE-2009-0387[1]:
> | Array index error in the qtdemux_parse_samples function in
> | gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka
> | gst-plugins-good) 0.10.9 through 0.10.11 allows remote attackers to
> | cause a denial of service (application crash) and possibly execute
> | arbitrary code via crafted Sync Sample (aka stss) atom data in a
> | malformed QuickTime media .mov file, related to "mark keyframes."
> 
> CVE-2009-0397[2]:
> | Heap-based buffer overflow in the qtdemux_parse_samples function in
> | gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka
> | gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka
> | gstreamer-plugins) 0.8.5, might allow remote attackers to execute
> | arbitrary code via crafted Time-to-sample (aka stts) atom data in a
> | malformed QuickTime media .mov file.
> 
> CVE-2009-0398[3]:
> | Array index error in the gst_qtp_trak_handler function in
> | gst/qtdemux/qtdemux.c in GStreamer Plug-ins (aka gstreamer-plugins)
> | 0.6.0 allows remote attackers to have an unknown impact via a crafted
> | QuickTime media file.
> 
> There is also a Red Hat bug report[4] and a mail[5] on the public security
> list with more information. The upstream patch[6] seems to fix all but
> CVE-2009-0398, according to upstream.

Hi,
the patch is already in unstable, testing and experimental. I'll take a
look at the other issue later, thanks.


More information about the Pkg-gstreamer-maintainers mailing list