Pardus: gst-plugins-good: Denial of Service
Posted by Benjamin D. Thomas
------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-16 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2009-01-29
Severity: 4
Type: Remote
------------------------------------------------------------------------
Summary
=======
Tobias Klein has reported some vulnerabilities in GStreamer Good
Plug-ins, which can potentially be exploited by malicious people to
compromise a vulnerable system.
Description
===========
1) A boundary error occurs within the "qtdemux_parse_samples()" function
in gst/qtdemux/qtdemux.c when performing QuickTime "ctts" Atom parsing.
This can be exploited to cause a heap-based buffer overflow via a
specially crafted QuickTime media file.
2) An array indexing error exists in the "qtdemux_parse_samples()"
function in gst/qtdemux/qtdemux.c when performing QuickTime "stss" Atom
parsing. This can be exploited to corrupt memory via a specially crafted
QuickTime media file.
3) A boundary error occurs within the "qtdemux_parse_samples()" function
in gst/qtdemux/qtdemux.c when performing QuickTime "stts" Atom parsing.
This can be exploited to cause a heap-based buffer overflow via a
specially crafted QuickTime media file.
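All three items concern sample tables whose entry counts and sample numbers are read from the file. The following C example is added here for illustration and is not GStreamer's code or the fix shipped in the update; it shows the bounds checks a parser needs for "stts" and "stss" payloads. The function names, the caller-supplied n_samples array size and the sample bytes are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* QuickTime atom fields are big-endian. */
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* "stts" payload: version/flags, entry count, {sample_count, sample_delta}
 * pairs. Expands the runs into dur[0..n_samples-1]; -1 if inconsistent. */
int parse_stts(const uint8_t *buf, size_t len, uint32_t *dur, uint32_t n_samples) {
    if (len < 8) return -1;
    uint32_t n_entries = rd32(buf + 4), idx = 0;
    if (n_entries > (len - 8) / 8) return -1;   /* table must fit in the atom */
    for (uint32_t i = 0; i < n_entries; i++) {
        uint32_t count = rd32(buf + 8 + (size_t)i * 8);
        uint32_t delta = rd32(buf + 12 + (size_t)i * 8);
        if (count > n_samples - idx) return -1; /* run must fit in dur[] */
        while (count--) dur[idx++] = delta;
    }
    return idx == n_samples ? 0 : -1;
}

/* "stss" payload: version/flags, entry count, 1-based sync sample numbers.
 * Sets key[n-1] for each listed sample; -1 if a number is out of range. */
int parse_stss(const uint8_t *buf, size_t len, uint8_t *key, uint32_t n_samples) {
    if (len < 8) return -1;
    uint32_t n_entries = rd32(buf + 4);
    if (n_entries > (len - 8) / 4) return -1;   /* table must fit in the atom */
    for (uint32_t i = 0; i < n_entries; i++) {
        uint32_t num = rd32(buf + 8 + (size_t)i * 4);
        if (num == 0 || num > n_samples) return -1; /* would index outside key[] */
        key[num - 1] = 1;
    }
    return 0;
}

/* Constructed sample payloads and output arrays (not from any real file). */
static const uint8_t STTS_OK[]  = {0,0,0,0, 0,0,0,2, 0,0,0,3, 0,0,0,100, 0,0,0,1, 0,0,0,50};
static const uint8_t STTS_BAD[] = {0,0,0,0, 0,0,0,1, 0xff,0xff,0xff,0xff, 0,0,0,1};
static const uint8_t STSS_BAD[] = {0,0,0,0, 0,0,0,1, 0,0,0,9};
static uint32_t DUR[4]; static uint8_t KEY[4];

int main(void) {
    int ok = parse_stts(STTS_OK, sizeof STTS_OK, DUR, 4) == 0 &&
             parse_stts(STTS_BAD, sizeof STTS_BAD, DUR, 4) == -1 &&
             parse_stss(STSS_BAD, sizeof STSS_BAD, KEY, 4) == -1;
    return ok ? 0 : 1;
}
```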
Affected packages:
Pardus 2008:
gst-plugins-good, all before 0.10.11-15-8
Resolution
==========
There are update(s) for gst-plugins-good. You can install them via
Package Manager or with a single command from the console:

    pisi up gst-plugins-good
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=9105
* http://secunia.com/Advisories/33650/