CVE-2009-0387

Publication date 2 February 2009

Last updated 24 July 2024

Ubuntu priority

Array index error in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted Sync Sample (aka stss) atom data in a malformed QuickTime media .mov file, related to "mark keyframes."

Status

Show unmaintained releases

Package	Ubuntu Release	Status
gst-plugins-bad0.10	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	7.10 gutsy	Not affected
	6.06 LTS dapper	Ignored end of life
gst-plugins-good0.10	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Fixed 0.10.10.4-1ubuntu1.1
	8.04 LTS hardy	Fixed 0.10.7-3ubuntu0.2
	7.10 gutsy	Fixed 0.10.6-0ubuntu4.2
	6.06 LTS dapper	Not affected

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
gst-plugins-bad0.10	Upstream: ?id=bdc
gst-plugins-good0.10	Upstream: ?id=bdc Upstream: ?id=752

CVE-2009-0387

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references