Source: gstreamer0.10-plugins-good
Severity: grave
Version: 0.10.8-4
Tags: security

Hi,

The following SA (Secunia Advisory) id was published for interchange.

SA33650[1]:
> Tobias Klein has reported some vulnerabilities in GStreamer Good Plug-ins,
> which can potentially be exploited by malicious people to compromise a
> vulnerable system.
>
> 1) A boundary error occurs within the "qtdemux_parse_samples()" function in
> gst/gtdemux/qtdemux.c when performing QuickTime "ctts" Atom parsing. This
> can be exploited to cause a heap-based buffer overflow via a specially
> crafted QuickTime media file.
>
> 2) An array indexing error exists in the "qtdemux_parse_samples()" function
> in gst/gtdemux/qtdemux.c when performing QuickTime "stss" Atom parsing.
> This can be exploited to corrupt memory via a specially crafted QuickTime
> media file.
>
> 3) A boundary error occurs within the "qtdemux_parse_samples()" function in
> gst/gtdemux/qtdemux.c when performing QuickTime "stts" Atom parsing. This
> can be exploited to cause a heap-based buffer overflow via a specially
> crafted QuickTime media file.
>
> These vulnerabilities are reported in versions prior to 0.10.12.

The original advisory can be found at [2].

If you fix the vulnerability please also make sure to include the CVE id, when one is assigned, in the changelog entry.

[1] http://secunia.com/Advisories/33650/
[2] http://trapkit.de/advisories/TKADV2009-003.txt

Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
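
The bounds and index checks that parsers for the table atoms named in the advisory need, as an added example that is not GStreamer's code and not the upstream fix. It assumes the standard QuickTime payload layout for "stts" and "stss" and a sample table of `n_samples` entries sized elsewhere; the function names, globals and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

static uint32_t be32(const uint8_t *p) {            /* big-endian 32-bit read */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* "stts" payload: 4 bytes version/flags, 4 bytes entry count, then
 * {sample_count, sample_delta} pairs. Expands into dur[0..n_samples).
 * Returns samples written, or -1 if the table is malformed. */
long parse_stts(const uint8_t *b, size_t len, uint32_t *dur, size_t n_samples) {
    if (len < 8) return -1;
    uint32_t n = be32(b + 4);
    if (n > (len - 8) / 8) return -1;               /* entries must fit in the atom */
    size_t out = 0;
    for (uint32_t i = 0; i < n; i++) {
        uint32_t count = be32(b + 8 + 8 * (size_t)i);
        uint32_t delta = be32(b + 12 + 8 * (size_t)i);
        if (count > n_samples - out) return -1;     /* run would pass end of dur[] */
        while (count--) dur[out++] = delta;
    }
    return (long)out;
}

/* "stss" payload: version/flags, entry count, then 1-based sync sample numbers.
 * Returns entries applied, or -1 if malformed. */
long parse_stss(const uint8_t *b, size_t len, uint8_t *key, size_t n_samples) {
    if (len < 8) return -1;
    uint32_t n = be32(b + 4);
    if (n > (len - 8) / 4) return -1;               /* entries must fit in the atom */
    for (uint32_t i = 0; i < n; i++) {
        uint32_t idx = be32(b + 8 + 4 * (size_t)i);
        if (idx == 0 || idx > n_samples) return -1; /* index outside key[] */
        key[idx - 1] = 1;
    }
    return (long)n;
}

/* Constructed sample payloads (not taken from any real file). */
const uint8_t STTS_OK[]  = {0,0,0,0, 0,0,0,2, 0,0,0,3, 0,0,0,10, 0,0,0,1, 0,0,0,20};
const uint8_t STTS_BIG[] = {0,0,0,0, 0,0,0,1, 0xff,0xff,0xff,0xff, 0,0,0,10};
const uint8_t STSS_OOB[] = {0,0,0,0, 0,0,0,1, 0,0,0,9};
uint32_t DUR[4]; uint8_t KEY[4];                    /* 4-sample tables for the demo */

int main(void) {
    printf("%ld %ld %ld\n", parse_stts(STTS_OK, sizeof STTS_OK, DUR, 4),
           parse_stts(STTS_BIG, sizeof STTS_BIG, DUR, 4),
           parse_stss(STSS_OOB, sizeof STSS_OOB, KEY, 4));
    return 0;
}
```

A "ctts" table has the same pair layout as "stts" (sample_count, sample_offset), so the same two checks apply to it.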