CVE-2009-0397

Description

Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins) 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample (aka stts) atom data in a malformed QuickTime media .mov file.

How to fix CVE-2009-0397

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• PyPI/gstreamer-plugins—no fix listed

Is CVE-2009-0397 being exploited?

Moderate — EPSS is 13.6%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, <= 0.10.9, <= 0.10.10, <= 0.10.11, <= 0.8.5

References (22)

• ADVISORYsecunia.com/advisories/33650
• ADVISORYsecunia.com/advisories/33815
• ADVISORYsecunia.com/advisories/33830
• ADVISORYsecunia.com/advisories/34336
• ADVISORYsecunia.com/advisories/35777