CVE-2009-0397

NameCVE-2009-0397
DescriptionHeap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins) 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample (aka stts) atom data in a malformed QuickTime media .mov file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1729-1
Debian Bugs514177

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gst-plugins-bad0.10sourceetch0.10.3-3.1+etch1DSA-1729-1
gst-plugins-bad0.10source(unstable)0.10.4-1
gst-plugins-good0.10sourceetch(not affected)
gst-plugins-good0.10sourcelenny0.10.8-4.1~lenny1
gst-plugins-good0.10source(unstable)0.10.8-4.1514177

Notes

[etch] - gst-plugins-good0.10 <not-affected> (plugin in other package)
Search for package or bug name: Reporting problems