CVE-2009-0386

Name of the Vulnerable Software and Affected Versions GStreamer Good Plug-ins versions 0.10.9 through 0.10.11

Description The issue is related to multiple vulnerabilities in the gstreamer0.10-plugins-bad package in Debian GNU/Linux, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. A heap-based buffer overflow in the qtdemux parse samples function in gst/qtdemux/qtdemux.c may allow remote attackers to execute arbitrary code via crafted Composition Time To Sample (ctts) atom data in a malformed QuickTime media .mov file.

Recommendations For versions 0.10.9 through 0.10.11, consider disabling the qtdemux parse samples function as a temporary workaround until a patch is available. Restrict access to malformed QuickTime media .mov files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.