Multiple heap-based buffer overflow vulnerabilities and one array index out of bounds vulnerability have been reported by Tobias Klein to be present in the GStreamer demuxer responsible for demuxing QuickTime media *.mov files into raw or compressed audio and/or video streams. A remote attacker could use these flaws to execute arbitrary code in the context of an application using the GStreamer multimedia framework.

References:
http://trapkit.de/advisories/TKADV2009-003.txt
http://getsongbird.com/
http://projects.gnome.org/totem/
http://amarok.kde.org/
http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53

Proposed solution:
Upgrade to GStreamer gst-plugins-good version >= 0.10.12.

Credit: Tobias Klein

This issue affects the version of the gstreamer-plugins-good package, as shipped with Red Hat Enterprise Linux 5.

This issue affects all versions of the gstreamer-plugins-good package, as shipped with Fedora releases of 9, 10 and devel.

============================================================================

This issue does NOT affect the versions of the gstreamer package, as shipped with Red Hat Enterprise Linux 3, 4, 5 and Fedora releases of 9, 10 and devel.

This issue does NOT affect the versions of the totem package, as shipped with Red Hat Enterprise Linux 5 and Fedora releases of 9, 10 and devel.

This issue does NOT affect the versions of the rhythmbox package, as shipped with Red Hat Enterprise Linux 4 and 5 and Fedora releases of 9, 10 and devel.

This issue does NOT affect the versions of the amarok package, as shipped with Fedora releases of 9, 10 and devel.

(In reply to comment #1)
> This issue affects the version of the gstreamer-plugins-good package,
> as shipped with Red Hat Enterprise Linux 5.
>
> This issue affects all versions of the gstreamer-plugins-good package,
> as shipped with Fedora releases of 9, 10 and devel.

No it doesn't. It only affects Fedora 9 and Fedora 10. Rawhide already has a new enough version that includes those fixes.

Devel: http://koji.fedoraproject.org/koji/buildinfo?buildID=80255
Fedora 10: https://admin.fedoraproject.org/updates/gstreamer-plugins-good-0.10.13-1.fc10
Fedora 9: https://admin.fedoraproject.org/updates/gstreamer-plugins-good-0.10.8-10.fc9

Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0397 to the following vulnerability:

Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins) 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample (aka stts) atom data in a malformed QuickTime media .mov file.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0397
http://www.securityfocus.com/archive/1/archive/1/500317/100/0/threaded
http://www.openwall.com/lists/oss-security/2009/01/29/3
http://trapkit.de/advisories/TKADV2009-003.txt
http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53
http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html
http://www.securityfocus.com/bid/33405
http://www.frsirt.com/english/advisories/2009/0225
http://secunia.com/advisories/33650

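The kind of validation a Time-to-sample (stts) parser needs before writing into a heap-allocated sample table, as an added example that is not part of this bug report and is not GStreamer's code or its fix. It assumes the standard QuickTime stts payload layout (4 bytes version/flags, 4-byte big-endian entry count, then 8-byte sample-count/sample-delta pairs); `stts_expand` and the sample byte arrays are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample payloads (not taken from any real file). */
static const uint8_t SAMPLE_OK[] = {0,0,0,0, 0,0,0,2, 0,0,0,3, 0,0,0,10, 0,0,0,1, 0,0,0,20};
/* One run claiming 0xFFFFFFFF samples. */
static const uint8_t SAMPLE_OVERRUN[] = {0,0,0,0, 0,0,0,1, 0xFF,0xFF,0xFF,0xFF, 0,0,0,1};
/* Entry count far larger than the bytes present. */
static const uint8_t SAMPLE_BAD_COUNT[] = {0,0,0,0, 0x20,0,0,0, 0,0,0,1, 0,0,0,1};

/* Read a big-endian 32-bit value. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Expand stts runs into per-sample timestamps. `out` holds n_samples slots.
 * Returns 0 on success, -1 if the payload is truncated or inconsistent. */
int stts_expand(const uint8_t *stts, size_t len, uint64_t *out, uint32_t n_samples) {
    if (len < 8) return -1;                       /* version/flags + entry count */
    uint32_t n_entries = be32(stts + 4);
    if (n_entries > (len - 8) / 8) return -1;     /* entries must fit in the payload */
    uint64_t ts = 0;
    uint32_t idx = 0;
    for (uint32_t i = 0; i < n_entries; i++) {
        const uint8_t *e = stts + 8 + (size_t)i * 8;
        uint32_t count = be32(e), delta = be32(e + 4);
        if (count > n_samples - idx) return -1;   /* run must fit in remaining slots */
        for (uint32_t j = 0; j < count; j++) {
            out[idx++] = ts;
            ts += delta;
        }
    }
    return idx == n_samples ? 0 : -1;             /* strict: table must cover every sample */
}

int main(void) {
    uint64_t out[4];
    printf("ok=%d overrun=%d bad_count=%d\n",
           stts_expand(SAMPLE_OK, sizeof SAMPLE_OK, out, 4),
           stts_expand(SAMPLE_OVERRUN, sizeof SAMPLE_OVERRUN, out, 4),
           stts_expand(SAMPLE_BAD_COUNT, sizeof SAMPLE_BAD_COUNT, out, 4));
    return 0;
}
```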
gstreamer-plugins-good-0.10.8-10.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
gstreamer-plugins-good-0.10.13-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:

Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2009-0271.html
http://rhn.redhat.com/errata/RHSA-2009-0270.html

Fedora:
https://admin.fedoraproject.org/updates/F10/FEDORA-2009-1213
https://admin.fedoraproject.org/updates/F9/FEDORA-2009-1343