CVE-2009-0386

2009-02-0219:30:00

CWE-119

mitre

web.nvd.nist.gov

cve-2009-0386

gstreamer

buffer overflow

qtdemux

remote code execution

quicktime

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.134

Percentile

95.6%

JSON

Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers to execute arbitrary code via crafted Composition Time To Sample (ctts) atom data in a malformed QuickTime media .mov file.

Affected configurations

Nvd

Node

gstreamergood_plug-insMatch0.10.9

gstreamergood_plug-insMatch0.10.10

gstreamergood_plug-insMatch0.10.11

VendorProductVersionCPE
gstreamergood_plug-ins0.10.9cpe:2.3:a:gstreamer:good_plug-ins:0.10.9:*:*:*:*:*:*:*
gstreamergood_plug-ins0.10.10cpe:2.3:a:gstreamer:good_plug-ins:0.10.10:*:*:*:*:*:*:*
gstreamergood_plug-ins0.10.11cpe:2.3:a:gstreamer:good_plug-ins:0.10.11:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gstreamer	good_plug-ins	0.10.9	cpe:2.3:a:gstreamer:good_plug-ins:0.10.9:::::::*
gstreamer	good_plug-ins	0.10.10	cpe:2.3:a:gstreamer:good_plug-ins:0.10.10:::::::*
gstreamer	good_plug-ins	0.10.11	cpe:2.3:a:gstreamer:good_plug-ins:0.10.11:::::::*