Bug 256096 (CVE-2009-0386) - media-libs/gst-plugins-good <0.10.13 QuickTime Heap-based buffer overflows (CVE-2009-{0386,0387,0397,0398})
Status: RESOLVED FIXED
Alias: CVE-2009-0386
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks: 266986
Reported: 2009-01-23 16:38 UTC by Robert Buchholz (RETIRED)
Modified: 2009-07-12 17:47 UTC

Description Robert Buchholz (RETIRED) gentoo-dev 2009-01-23 16:38:58 UTC
Jan Lieskovsky wrote:
Multiple heap-based buffer overflow vulnerabilities and one array index
out-of-bounds vulnerability have been reported by Tobias Klein to
be present in the GStreamer demuxer responsible for demuxing QuickTime
media *.mov files into raw or compressed audio and/or video streams. A remote
attacker could use these flaws to execute arbitrary code in the context of an
application using the GStreamer multimedia framework.

gstreamer herd: please bump or apply patch:
http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53
Also, could you please clarify which ebuilds ship and build the file qtdemux.c?
Comment 1 Mart Raudsepp gentoo-dev 2009-01-26 04:58:20 UTC
(In reply to comment #0)
> Also, could you please clarify which ebuilds ship and build the file qtdemux.c

media-libs/gst-plugins-good - that is, it's not introducing extra deps and therefore not split to a separate package.
Comment 2 Olivier Crete (RETIRED) gentoo-dev 2009-02-02 18:53:44 UTC
0.10.13 with only this fix has been released upstream
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2009-02-04 22:19:25 UTC
CVE-2009-0386 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0386):
  Heap-based buffer overflow in the qtdemux_parse_samples function in
  gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka
  gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers
  to execute arbitrary code via crafted Composition Time To Sample
  (ctts) atom data in a malformed QuickTime media .mov file.

CVE-2009-0387 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0387):
  Array index error in the qtdemux_parse_samples function in
  gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka
  gst-plugins-good) 0.10.9 through 0.10.11 allows remote attackers to
  cause a denial of service (application crash) and possibly execute
  arbitrary code via crafted Sync Sample (aka stss) atom data in a
  malformed QuickTime media .mov file, related to "mark keyframes."

CVE-2009-0397 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0397):
  Heap-based buffer overflow in the qtdemux_parse_samples function in
  gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka
  gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka
  gstreamer-plugins) 0.8.5, might allow remote attackers to execute
  arbitrary code via crafted Time-to-sample (aka stts) atom data in a
  malformed QuickTime media .mov file.

CVE-2009-0398 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0398):
  Array index error in the gst_qtp_trak_handler function in
  gst/qtdemux/qtdemux.c in GStreamer Plug-ins (aka gstreamer-plugins)
  0.6.0 allows remote attackers to have an unknown impact via a crafted
  QuickTime media file.

Comment 4 Olivier Crete (RETIRED) gentoo-dev 2009-05-16 22:23:02 UTC
Adding the stabilization bug as a dep
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2009-07-12 17:47:56 UTC
GLSA 200907-11
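
Added example (not part of this bug report, and not GStreamer's code or the upstream patch): a bounds-checked expansion of a Time-to-sample (stts) table, the kind of validation whose absence leads to the heap overflow class described for CVE-2009-0397. The names `expand_stts`, `rd32`, `STTS_OK`, `STTS_BAD` and `TS` are hypothetical, the sample atoms are constructed, and it is an assumption of this sketch that the output array is sized from a sample count taken elsewhere in the file.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: two entries, {3 samples, delta 10} and {1 sample, delta 5}. */
const uint8_t STTS_OK[] = {0,0,0,0, 0,0,0,2, 0,0,0,3, 0,0,0,10, 0,0,0,1, 0,0,0,5};
/* Constructed malformed sample: one entry claiming 0xFFFFFFFF samples. */
const uint8_t STTS_BAD[] = {0,0,0,0, 0,0,0,1, 0xff,0xff,0xff,0xff, 0,0,0,1};
uint64_t TS[4]; /* output table sized for 4 samples (constructed) */

/* QuickTime atoms store integers big-endian. */
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Expand an stts payload (4 bytes version/flags, 4 bytes entry count, then
 * {sample_count, sample_delta} pairs) into per-sample timestamps.
 * ts has room for n_samples values (assumed to come from another atom).
 * Returns 0 on success, -1 if the atom is truncated or inconsistent. */
int expand_stts(const uint8_t *atom, size_t atom_len,
                uint64_t *ts, uint32_t n_samples) {
    if (atom == NULL || ts == NULL || atom_len < 8)
        return -1;
    uint32_t n_entries = rd32(atom + 4);
    /* Compare the declared entry count with the bytes present; divide
     * instead of multiplying so the check itself cannot overflow. */
    if (n_entries > (atom_len - 8) / 8)
        return -1;
    uint64_t t = 0;
    uint32_t idx = 0;
    for (uint32_t i = 0; i < n_entries; i++) {
        uint32_t count = rd32(atom + 8 + (size_t)i * 8);
        uint32_t delta = rd32(atom + 12 + (size_t)i * 8);
        /* Reject a run that would write past ts[n_samples - 1]. */
        if (count > n_samples - idx)
            return -1;
        for (uint32_t j = 0; j < count; j++) {
            ts[idx++] = t;
            t += delta;
        }
    }
    /* Too few timestamps would leave part of ts uninitialised. */
    return idx == n_samples ? 0 : -1;
}

int main(void) {
    printf("ok=%d bad=%d\n", expand_stts(STTS_OK, sizeof STTS_OK, TS, 4),
           expand_stts(STTS_BAD, sizeof STTS_BAD, TS, 4));
    return 0;
}
```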