CVE-2009-0386

Publication date 2 February 2009

Last updated 24 July 2024

Ubuntu priority

Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers to execute arbitrary code via crafted Composition Time To Sample (ctts) atom data in a malformed QuickTime media .mov file.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
gst-plugins-bad0.10	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	7.10 gutsy	Not affected
	6.06 LTS dapper	Ignored end of life
gst-plugins-good0.10	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Fixed 0.10.10.4-1ubuntu1.1
	8.04 LTS hardy	Fixed 0.10.7-3ubuntu0.2
	7.10 gutsy	Fixed 0.10.6-0ubuntu4.2
	6.06 LTS dapper	Not affected

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
gst-plugins-bad0.10	Upstream: ?id=bdc
gst-plugins-good0.10	Upstream: ?id=bdc

CVE-2009-0386

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references