CVE-2009-0387

Description

Array index error in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted Sync Sample (aka stss) atom data in a malformed QuickTime media .mov file, related to "mark keyframes."

How to fix CVE-2009-0387

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• PyPI/gstreamer-plugins—no fix listed

Is CVE-2009-0387 being exploited?

Moderate — EPSS is 17.9%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, <= 0.10.9, <= 0.10.10, <= 0.10.11, <= 0.8.5

References (18)

• ADVISORYsecunia.com/advisories/33650
• ADVISORYsecunia.com/advisories/33815
• ADVISORYsecunia.com/advisories/34336
• ADVISORYsecunia.com/advisories/35777
• ADVISORYsecurity.gentoo.org/glsa/glsa-200907-11.xml