Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2009-0397
HistoryFeb 03, 2009 - 11:30 a.m.

CVE-2009-0397

2009-02-0311:30:00
CWE-119
[email protected]
web.nvd.nist.gov
5

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.086

Percentile

94.5%

JSON

Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins) 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample (aka stts) atom data in a malformed QuickTime media .mov file.

Affected configurations

Nvd
Node
gstreamergood_plug-insMatch0.10.9
OR
gstreamergood_plug-insMatch0.10.10
OR
gstreamergood_plug-insMatch0.10.11
OR
gstreamerplug-insMatch0.8.5
VendorProductVersionCPE
gstreamergood_plug-ins0.10.9cpe:2.3:a:gstreamer:good_plug-ins:0.10.9:*:*:*:*:*:*:*
gstreamergood_plug-ins0.10.10cpe:2.3:a:gstreamer:good_plug-ins:0.10.10:*:*:*:*:*:*:*
gstreamergood_plug-ins0.10.11cpe:2.3:a:gstreamer:good_plug-ins:0.10.11:*:*:*:*:*:*:*
gstreamerplug-ins0.8.5cpe:2.3:a:gstreamer:plug-ins:0.8.5:*:*:*:*:*:*:*

References

Related

redhat 2
openvas 21
nessus 15
centos 1
veracode 1
cvelist 1
ubuntucve 1
prion 1
cve 1
oraclelinux 2
osv 1
debian 2
freebsd 1
ubuntu 1
gentoo 1
redhat
redhat
(RHSA-2009:0270) Important: gstreamer-plugins security update
2009-02-06 00:00:00
(RHSA-2009:0271) Important: gstreamer-plugins-good security update
2009-02-06 00:00:00
openvas
openvas
RedHat Security Advisory RHSA-2009:0270
2009-02-10 00:00:00
CentOS Security Advisory CESA-2009:0270 (gstreamer-plugins)
2009-02-10 00:00:00
RedHat Security Advisory RHSA-2009:0270
2009-02-10 00:00:00
nessus
nessus
Oracle Linux 4 : gstreamer-plugins (ELSA-2009-0270)
2013-07-12 00:00:00
RHEL 4 : gstreamer-plugins (RHSA-2009:0270)
2009-02-09 00:00:00
CentOS 4 : gstreamer-plugins (CESA-2009:0270)
2009-02-06 00:00:00
centos
centos
gstreamer security update
2009-02-06 14:59:06
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:31:06
cvelist
cvelist
CVE-2009-0397
2009-02-03 11:00:00
ubuntucve
ubuntucve
CVE-2009-0397
2009-02-03 00:00:00
prion
prion
Heap overflow
2009-02-03 11:30:00
cve
cve
CVE-2009-0397
2009-02-03 11:30:00
oraclelinux
oraclelinux
gstreamer-plugins security update
2009-02-06 00:00:00
gstreamer-plugins-good security update
2009-02-06 00:00:00
osv
osv
gst-plugins-bad0.10 - multiple vulnerabilities
2009-03-02 00:00:00
debian
debian
[SECURITY] [DSA 1729-1] New gst-plugins-bad0.10 packages fix multiple vulnerabilities
2009-03-02 20:38:00
[SECURITY] [DSA 1729-1] New gst-plugins-bad0.10 packages fix multiple vulnerabilities
2009-03-02 20:38:00
freebsd
freebsd
gstreamer-plugins-good -- multiple memory overflows
2009-01-22 00:00:00
ubuntu
ubuntu
GStreamer Good Plugins vulnerabilities
2009-03-16 00:00:00
gentoo
gentoo
GStreamer plug-ins: User-assisted execution of arbitrary code
2009-07-12 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.086

Percentile

94.5%

JSON
Related for NVD:CVE-2009-0397
redhat2openvas21nessus15centos1veracode1cvelist1ubuntucve1prion1cve1oraclelinux2osv1debian2freebsd1ubuntu1gentoo1