Veracode Vulnerability DatabaseVERACODE:23577Arbitrary Code Execution
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
gstreamer-plugins-good is vulnerable to arbitrary code execution. The vulnerability exists as multiple heap buffer overflows and an array indexing error were found in the GStreamer’s QuickTime media file format decoding plugin. An attacker could create a carefully-crafted QuickTime media .mov file that would cause an application using GStreamer to crash or, potentially, execute arbitrary code if played by a victim.
References
cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53
gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html
lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html
secunia.com/advisories/33650
secunia.com/advisories/33815
secunia.com/advisories/34336
secunia.com/advisories/35777
security.gentoo.org/glsa/glsa-200907-11.xml
trapkit.de/advisories/TKADV2009-003.txt
www.mandriva.com/security/advisories?name=MDVSA-2009:035
www.openwall.com/lists/oss-security/2009/01/29/3
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2009-0271.html
www.securityfocus.com/archive/1/500317/100/0/threaded
www.securityfocus.com/bid/33405
www.ubuntu.com/usn/USN-736-1
www.vupen.com/english/advisories/2009/0225
access.redhat.com/errata/RHSA-2009:0271
bugzilla.redhat.com/show_bug.cgi?id=481267
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10611
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C