CVE-2009-0387

Name of the Vulnerable Software and Affected Versions GStreamer Good Plug-ins versions 0.10.9 through 0.10.11 gstreamer0.10-plugins-bad (affected versions not specified)

Description The issue concerns multiple vulnerabilities in the gstreamer0.10-plugins-bad package of Debian GNU/Linux and an array index error in the qtdemux parse samples function in GStreamer Good Plug-ins. This error allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Sync Sample atom data in a malformed QuickTime media .mov file. The exploitation of these vulnerabilities can lead to a violation of confidentiality, integrity, and availability of protected information.

Recommendations For GStreamer Good Plug-ins versions 0.10.9 through 0.10.11, consider updating to a version outside of this range to mitigate the risk. For gstreamer0.10-plugins-bad, at the moment, there is no information about a newer version that contains a fix for this vulnerability.