CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
86.0%
CentOS Errata and Security Advisory CESA-2009:0269
The gstreamer-plugins package contains plug-ins used by the GStreamer
streaming-media framework to support a wide variety of media types.
An array indexing error was found in the GStreamer’s QuickTime media file
format decoding plug-in. An attacker could create a carefully-crafted
QuickTime media .mov file that would cause an application using GStreamer
to crash or, potentially, execute arbitrary code if played by a victim.
(CVE-2009-0398)
All users of gstreamer-plugins are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue. After
installing the update, all applications using GStreamer (such as
nautilus-media) must be restarted for the changes to take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-February/077781.html
https://lists.centos.org/pipermail/centos-announce/2009-February/077782.html
https://lists.centos.org/pipermail/centos-announce/2009-February/077787.html
https://lists.centos.org/pipermail/centos-announce/2009-February/077789.html
Affected packages:
gstreamer-plugins
gstreamer-plugins-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2009:0269