Bug 481267 (CVE-2009-0397)
Summary: | CVE-2009-0397 gstreamer-plugins, gstreamer-plugins-good: heap-based buffer overflow while parsing malformed QuickTime media files via crafted Time-to-sample (stss) atom data | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | ajax, bnocera, kreilly, mjc |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://trapkit.de/advisories/TKADV2009-003.txt | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Last Closed: | 2009-02-26 09:16:18 UTC | Type: | --- |
Bug Depends On: | 483217, 483218, 483220, 483221, 833907 | ||
Description
Jan Lieskovsky
2009-01-23 10:19:33 UTC
This issue affects the version of the gstreamer-plugins-good package, as shipped with Red Hat Enterprise Linux 5.

This issue affects all versions of the gstreamer-plugins-good package, as shipped with Fedora releases of 9, 10 and devel.

============================================================================

This issue does NOT affect the versions of the gstreamer package, as shipped with Red Hat Enterprise Linux 3, 4, 5 and Fedora releases of 9, 10 and devel.

This issue does NOT affect the versions of the totem package, as shipped with Red Hat Enterprise Linux 5 and Fedora releases of 9, 10 and devel.

This issue does NOT affect the versions of the rhythmbox package, as shipped with Red Hat Enterprise Linux 4, and 5 and Fedora releases of 9, 10 and devel.

This issue does NOT affect the versions of the amarok package, as shipped with Fedora releases of 9, 10 and devel.

(In reply to comment #1)
> This issue affects the version of the gstreamer-plugins-good package,
> as shipped with Red Hat Enterprise Linux 5.
>
> This issue affects all versions of the gstreamer-plugins-good package,
> as shipped with Fedora releases of 9, 10 and devel.

No it doesn't. It only affects Fedora 9 and Fedora 10. Rawhide already has a new enough version that includes those fixes.

Devel: http://koji.fedoraproject.org/koji/buildinfo?buildID=80255
Fedora 10: https://admin.fedoraproject.org/updates/gstreamer-plugins-good-0.10.13-1.fc10
Fedora 9: https://admin.fedoraproject.org/updates/gstreamer-plugins-good-0.10.8-10.fc9

Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0397 to the following vulnerability:

Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins) 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample (aka stts) atom data in a malformed QuickTime media .mov file.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0397
http://www.securityfocus.com/archive/1/archive/1/500317/100/0/threaded
http://www.openwall.com/lists/oss-security/2009/01/29/3
http://trapkit.de/advisories/TKADV2009-003.txt
http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53
http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html
http://www.securityfocus.com/bid/33405
http://www.frsirt.com/english/advisories/2009/0225
http://secunia.com/advisories/33650

gstreamer-plugins-good-0.10.8-10.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.

gstreamer-plugins-good-0.10.13-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.

This issue was addressed in:

Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2009-0271.html
http://rhn.redhat.com/errata/RHSA-2009-0270.html

Fedora:
https://admin.fedoraproject.org/updates/F10/FEDORA-2009-1213
https://admin.fedoraproject.org/updates/F9/FEDORA-2009-1343