CVE-2009-0386

Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers to execute arbitrary code via crafted Composition Time To Sample (ctts) atom data in a malformed QuickTime media .mov file.
Severity
UNKNOWN
AV:N/AC:M/Au:N/C:C/I:C/A:C
Atk. Vector
NETWORK
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
VendorProductVersion
gstreamergood_plug-ins
0.10.9
gstreamergood_plug-ins
0.10.10
gstreamergood_plug-ins
0.10.11
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gst-plugins-bad0.10
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
not-affected
gutsy
not-affected
dapper
ignored
gst-plugins-good0.10
karmic
not-affected
jaunty
not-affected
intrepid
Fixed 0.10.10.4-1ubuntu1.1
released
hardy
Fixed 0.10.7-3ubuntu0.2
released
gutsy
Fixed 0.10.6-0ubuntu4.2
released
dapper
not-affected