First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 256096
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Robert Buchholz <rbu@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 256096 depends on: Show dependency tree
Bug 256096 blocks: 266986

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2009-01-23 16:38 0000 
Jan Lieskovsky wrote:
Multiple heap-based buffer overflow vulnerabilities and one an array index
out of bounds vulnerability has been reported by Tobias Klein to 
be present in the GStreamer demuxer responsible for demuxing QuickTime
media *.mov files into raw or compressed audio and/or video streams. A remote
attacker could use this flaws to execute arbitrary code in the context of an
application using the GStreamer multimedia framework.

gstreamer herd: please bump or apply patch:
http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53
Also, could you please clarify which ebuilds ship and build the file qtdemux.c
?

------- Comment #1 From Mart Raudsepp 2009-01-26 04:58:20 0000 ------- 
(In reply to comment #0)
> Also, could you please clarify which ebuilds ship and build the file qtdemux.c

media-libs/gst-plugins-good - that is, it's not introducing extra deps and
therefore not split to a separate package.

------- Comment #2 From Olivier Crete 2009-02-02 18:53:44 0000 ------- 
0.10.13 with only this fix has been released upstream

------- Comment #3 From Stefan Behte 2009-02-04 22:19:25 0000 ------- 
CVE-2009-0386 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0386):
  Heap-based buffer overflow in the qtdemux_parse_samples function in
  gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka
  gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers
  to execute arbitrary code via crafted Composition Time To Sample
  (ctts) atom data in a malformed QuickTime media .mov file.

CVE-2009-0387 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0387):
  Array index error in the qtdemux_parse_samples function in
  gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka
  gst-plugins-good) 0.10.9 through 0.10.11 allows remote attackers to
  cause a denial of service (application crash) and possibly execute
  arbitrary code via crafted Sync Sample (aka stss) atom data in a
  malformed QuickTime media .mov file, related to "mark keyframes."

CVE-2009-0397 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0397):
  Heap-based buffer overflow in the qtdemux_parse_samples function in
  gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka
  gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka
  gstreamer-plugins) 0.8.5, might allow remote attackers to execute
  arbitrary code via crafted Time-to-sample (aka stts) atom data in a
  malformed QuickTime media .mov file.

CVE-2009-0398 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0398):
  Array index error in the gst_qtp_trak_handler function in
  gst/qtdemux/qtdemux.c in GStreamer Plug-ins (aka gstreamer-plugins)
  0.6.0 allows remote attackers to have an unknown impact via a crafted
  QuickTime media file.

------- Comment #4 From Olivier Crete 2009-05-16 22:23:02 0000 ------- 
Adding the stabilization bug as a dep

------- Comment #5 From Robert Buchholz 2009-07-12 17:47:56 0000 ------- 
GLSA 200907-11
First Last Prev Next    No search results available      Search page      Enter new bug