483740 – (CVE-2009-0398) CVE-2009-0398 gstreamer-plugins: Array index error while parsing malformed QuickTime media files

Bug 483740 (CVE-2009-0398) - CVE-2009-0398 gstreamer-plugins: Array index error while parsing malformed QuickTime media files

Summary: CVE-2009-0398 gstreamer-plugins: Array index error while parsing malformed Qu...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2009-0398
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:	http://trapkit.de/advisories/TKADV200...
Whiteboard:
Depends On:	483216
Blocks:
TreeView+	depends on / blocked

Reported:	2009-02-03 13:27 UTC by Jan Lieskovsky
Modified:	2019-09-29 12:28 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-02-06 13:15:45 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2009:0269	0	normal	SHIPPED_LIVE	Important: gstreamer-plugins security update	2009-02-06 12:48:46 UTC

Description Jan Lieskovsky 2009-02-03 13:27:27 UTC

Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0398 to
the following vulnerability:

Array index error in the gst_qtp_trak_handler function in
gst/qtdemux/qtdemux.c in GStreamer Plug-ins (aka gstreamer-plugins)
0.6.0 allows remote attackers to have an unknown impact via a crafted
QuickTime media file.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0398
http://www.openwall.com/lists/oss-security/2009/01/29/3

Comment 2 Red Hat Product Security 2009-02-06 13:15:45 UTC

This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2009-0269.html

Note You need to log in before you can comment on or make changes to this bug.