CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.4%
Secunia reports:
Tobias Klein has reported some vulnerabilities in GStreamer Good
Plug-ins, which can potentially be exploited by malicious people to
compromise a vulnerable system.
A boundary error occurs within the “qtdemux_parse_samples()”
function in gst/gtdemux/qtdemux.c when performing QuickTime “ctts”
Atom parsing. This can be exploited to cause a heap-based buffer
overflow via a specially crafted QuickTime media file.
An array indexing error exists in the “qtdemux_parse_samples()”
function in gst/gtdemux/qtdemux.c when performing QuickTime “stss”
Atom parsing. This can be exploited to corrupt memory via a specially
crafted QuickTime media file.
A boundary error occurs within the “qtdemux_parse_samples()”
function in gst/gtdemux/qtdemux.c when performing QuickTime “stts”
Atom parsing. This can be exploited to cause a heap-based buffer
overflow via a specially crafted QuickTime media file.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | gstreamer-plugins-good | = 0.10.9,3 | UNKNOWN |
FreeBSD | any | noarch | gstreamer-plugins-good | < 0.10.12,3 | UNKNOWN |