CVE-2009-0397

2009-02-0300:00:00

ubuntu.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.086 Low

EPSS

Percentile

94.5%

JSON

Heap-based buffer overflow in the qtdemux_parse_samples function in
gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good)
0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins)
0.8.5, might allow remote attackers to execute arbitrary code via crafted
Time-to-sample (aka stts) atom data in a malformed QuickTime media .mov
file.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu7.10noarchgst-plugins-good0.10< 0.10.6-0ubuntu4.2UNKNOWN
ubuntu8.04noarchgst-plugins-good0.10< 0.10.7-3ubuntu0.2UNKNOWN
ubuntu8.10noarchgst-plugins-good0.10< 0.10.10.4-1ubuntu1.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	7.10	noarch	gst-plugins-good0.10	< 0.10.6-0ubuntu4.2	UNKNOWN
ubuntu	8.04	noarch	gst-plugins-good0.10	< 0.10.7-3ubuntu0.2	UNKNOWN
ubuntu	8.10	noarch	gst-plugins-good0.10	< 0.10.10.4-1ubuntu1.1	UNKNOWN