CVE-2009-0397

Name of the Vulnerable Software and Affected Versions GStreamer Good Plug-ins versions 0.10.9 through 0.10.11 GStreamer Plug-ins version 0.8.5

Description The issue is related to a heap-based buffer overflow in the qtdemux parse samples function, which might allow remote attackers to execute arbitrary code via crafted Time-to-sample (stts) atom data in a malformed QuickTime media .mov file. Additionally, there are multiple vulnerabilities in the gstreamer0.10-plugins-bad package that can lead to disruption of confidentiality, integrity, and availability of protected information, and these can be exploited remotely.

Recommendations For GStreamer Good Plug-ins versions 0.10.9 through 0.10.11, update to a version outside of this range to mitigate the risk. For GStreamer Plug-ins version 0.8.5, update to a newer version to resolve the issue. As a temporary workaround, consider restricting access to malformed QuickTime media .mov files until a patch is available. Avoid using the qtdemux parse samples function in the affected GStreamer Good Plug-ins versions until the issue is resolved.