Steffen Joeris
2009-Feb-04 22:43 UTC
[Secure-testing-team] Bug#514177: gstreamer0.10-plugins-good: Several security issues: CVE-2009-0386 CVE-2009-0387 CVE-2009-0397 CVE-2009-0398
Package: gstreamer0.10-plugins-good
Version: 0.10.8-4.1
Severity: grave
Tags: security
Justification: user security hole

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for gst-plugins-good0.10.

CVE-2009-0386[0]:
| Heap-based buffer overflow in the qtdemux_parse_samples function in
| gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka
| gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers
| to execute arbitrary code via crafted Composition Time To Sample
| (ctts) atom data in a malformed QuickTime media .mov file.

CVE-2009-0387[1]:
| Array index error in the qtdemux_parse_samples function in
| gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka
| gst-plugins-good) 0.10.9 through 0.10.11 allows remote attackers to
| cause a denial of service (application crash) and possibly execute
| arbitrary code via crafted Sync Sample (aka stss) atom data in a
| malformed QuickTime media .mov file, related to "mark keyframes."

CVE-2009-0397[2]:
| Heap-based buffer overflow in the qtdemux_parse_samples function in
| gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka
| gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka
| gstreamer-plugins) 0.8.5, might allow remote attackers to execute
| arbitrary code via crafted Time-to-sample (aka stts) atom data in a
| malformed QuickTime media .mov file.

CVE-2009-0398[3]:
| Array index error in the gst_qtp_trak_handler function in
| gst/qtdemux/qtdemux.c in GStreamer Plug-ins (aka gstreamer-plugins)
| 0.6.0 allows remote attackers to have an unknown impact via a crafted
| QuickTime media file.

There is also a redhat bugreport[4] and a mail[5] on the public
security list with more information.
The upstream patch[6] seems to fix all, but CVE-2009-0398 according to
upstream.
These issues should be fixed for lenny. It would also be good, if you
as the maintainer could prepare an update for etch and contact the
security team, if you have something ready.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

Thanks in advance for your work.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0386
    http://security-tracker.debian.net/tracker/CVE-2009-0386
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0387
    http://security-tracker.debian.net/tracker/CVE-2009-0387
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0397
    http://security-tracker.debian.net/tracker/CVE-2009-0397
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0398
    http://security-tracker.debian.net/tracker/CVE-2009-0398
[4] https://bugzilla.redhat.com/show_bug.cgi?id=481267
[5] http://www.openwall.com/lists/oss-security/2009/01/29/3
[6] http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53
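
The class of check that the "array index error ... related to mark keyframes" description in CVE-2009-0387 calls for, as an added example that is not part of the original mail and is neither GStreamer's code nor the upstream patch. It assumes the standard QuickTime stss payload layout; `mark_keyframes`, `check_sample` and the byte arrays are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Big-endian 32-bit read, the integer encoding used inside QuickTime atoms. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* stss payload (after the 8-byte atom header):
 *   version/flags (4) | entry_count (4) | entry_count x sample_number (4, 1-based)
 * keyframe[] holds n_samples flags. Returns samples marked, or -1 if malformed. */
int mark_keyframes(const uint8_t *stss, size_t len,
                   uint8_t *keyframe, uint32_t n_samples) {
    if (len < 8) return -1;                    /* header truncated */
    uint32_t count = be32(stss + 4);
    /* Declared count must fit the bytes present (division avoids overflow). */
    if (count > (len - 8) / 4) return -1;
    int marked = 0;
    for (uint32_t i = 0; i < count; i++) {
        uint32_t idx = be32(stss + 8 + (size_t)i * 4);
        /* File-controlled index: reject 0 and anything past the sample table. */
        if (idx == 0 || idx > n_samples) return -1;
        if (!keyframe[idx - 1]) { keyframe[idx - 1] = 1; marked++; }
    }
    return marked;
}

/* Constructed payloads, not taken from any real file. */
static const uint8_t STSS_OK[]        = {0,0,0,0, 0,0,0,2, 0,0,0,1, 0,0,0,4};
static const uint8_t STSS_BAD_INDEX[] = {0,0,0,0, 0,0,0,1, 0,0,0,9};
static const uint8_t STSS_BAD_COUNT[] = {0,0,0,0, 0xff,0xff,0xff,0xff, 0,0,0,1};

/* Run one payload against a hypothetical track of 4 samples. */
int check_sample(const uint8_t *p, size_t len) {
    uint8_t keyframe[4] = {0};
    return mark_keyframes(p, len, keyframe, 4);
}

int main(void) {
    printf("ok=%d bad_index=%d bad_count=%d\n",
           check_sample(STSS_OK, sizeof STSS_OK),
           check_sample(STSS_BAD_INDEX, sizeof STSS_BAD_INDEX),
           check_sample(STSS_BAD_COUNT, sizeof STSS_BAD_COUNT));
    return 0;
}
```

The same two checks (declared entry count against remaining bytes, each derived index against the allocated sample table) apply to the stts and ctts tables named in the other CVE entries.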