Veracode Vulnerability DatabaseVERACODE:23578Arbitrary Code Execution
EPSS
Percentile
94.5%
gstreamer-plugins-good is vulnerable to arbitrary code execution. The vulnerability exists through multiple heap buffer overflows and an array indexing error were found in the GStreamer’s QuickTime media file format decoding plugin. An attacker could create a carefully-crafted QuickTime media .mov file that would cause an application using GStreamer to crash or, potentially, execute arbitrary code if played by a victim.
References
cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53
gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html
lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html
secunia.com/advisories/33650
secunia.com/advisories/33815
secunia.com/advisories/33830
secunia.com/advisories/34336
secunia.com/advisories/35777
security.gentoo.org/glsa/glsa-200907-11.xml
support.avaya.com/elmodocs2/security/ASA-2009-052.htm
trapkit.de/advisories/TKADV2009-003.txt
www.mandriva.com/security/advisories?name=MDVSA-2009:035
www.openwall.com/lists/oss-security/2009/01/29/3
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2009-0270.html
www.redhat.com/support/errata/RHSA-2009-0271.html
www.securityfocus.com/archive/1/500317/100/0/threaded
www.securityfocus.com/bid/33405
www.ubuntu.com/usn/USN-736-1
www.vupen.com/english/advisories/2009/0225
access.redhat.com/errata/RHSA-2009:0271
bugzilla.redhat.com/show_bug.cgi?id=481267
exchange.xforce.ibmcloud.com/vulnerabilities/48555
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9942
Related
