CVE-2009-0397

Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins) 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample (aka stts) atom data in a malformed QuickTime media .mov file.

Provider: NIST
Type: NIST
Base Score: 9.3 UNKNOWN
Atk. Vector: NETWORK
Atk. Complexity: MEDIUM
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Provider: mitre
Type: CNA
Base Score / Vector: ---

Provider: CVE
Type: ADP
Base Score / Vector: ---

EPSS Score Percentile: 92%

Vendor      Product         Version
gstreamer   good_plug-ins   0.10.9
gstreamer   good_plug-ins   0.10.10
gstreamer   good_plug-ins   0.10.11
gstreamer   plug-ins        0.8.5

Ubuntu Releases

Ubuntu Product: gst-plugins-bad0.10
Codename   Status
karmic     not-affected
jaunty     not-affected
intrepid   not-affected
hardy      not-affected
gutsy      not-affected
dapper     ignored

Ubuntu Product: gst-plugins-good0.10
Codename   Status
karmic     not-affected
jaunty     not-affected
intrepid   Fixed 0.10.10.4-1ubuntu1.1 (released)
hardy      Fixed 0.10.7-3ubuntu0.2 (released)
gutsy      Fixed 0.10.6-0ubuntu4.2 (released)
dapper     not-affected

Ubuntu Product: gst-plugins0.8
Codename   Status
karmic     dne
jaunty     dne
intrepid   dne
hardy      dne
gutsy      dne
dapper     ignored

References