oss-sec mailing list archives
Re: CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version)
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 3 Feb 2009 15:59:43 -0500 (EST)
All in all, we have 4 distinct CVE's for the gstreamer issues, partially based on which bugs appear in gstreamer-plugins. - Steve ====================================================== Name: CVE-2009-0386 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0386 Acknowledged: yes changelog Announced: 20090122 Flaw: buf Reference: BUGTRAQ:20090122 [TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities Reference: URL:http://www.securityfocus.com/archive/1/archive/1/500317/100/0/threaded Reference: MLIST:[oss-security] 20090129 CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version) Reference: URL:http://www.openwall.com/lists/oss-security/2009/01/29/3 Reference: MISC:http://trapkit.de/advisories/TKADV2009-003.txt Reference: CONFIRM:http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53 Reference: CONFIRM:http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=481267 Reference: BID:33405 Reference: URL:http://www.securityfocus.com/bid/33405 Reference: FRSIRT:ADV-2009-0225 Reference: URL:http://www.frsirt.com/english/advisories/2009/0225 Reference: SECUNIA:33650 Reference: URL:http://secunia.com/advisories/33650 Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers to execute arbitrary code via crafted Composition Time To Sample (ctts) atom data in a malformed QuickTime media .mov file. Analysis: ABSTRACTION: The researcher lists three issues in the advisory, two heap overflows and one array index error so these are SPLIT. ABSTRACTION: One of the heap overflows affects different products than the other, so they are SPLIT. ACKNOWLEDGEMENT: The vendor states in release notes for 0.10.12: "Fix for security advisory TKADV2009-0xx" which references the researcher, who states "Vendor has released an updated version" and notes the issue is resolved in the 0.10.12 release. ====================================================== Name: CVE-2009-0387 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0387 Acknowledged: yes changelog Announced: 20090122 Flaw: other Reference: BUGTRAQ:20090122 [TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities Reference: URL:http://www.securityfocus.com/archive/1/archive/1/500317/100/0/threaded Reference: MLIST:[oss-security] 20090129 CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version) Reference: URL:http://www.openwall.com/lists/oss-security/2009/01/29/3 Reference: MISC:http://trapkit.de/advisories/TKADV2009-003.txt Reference: CONFIRM:http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53 Reference: CONFIRM:http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=481267 Reference: BID:33405 Reference: URL:http://www.securityfocus.com/bid/33405 Reference: FRSIRT:ADV-2009-0225 Reference: URL:http://www.frsirt.com/english/advisories/2009/0225 Reference: SECUNIA:33650 Reference: URL:http://secunia.com/advisories/33650 Array index error in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted Sync Sample (aka stss) atom data in a malformed QuickTime media .mov file, related to "mark keyframes." Analysis: ABSTRACTION: The researcher lists three issues in the advisory, two heap overflows and one array index error so these are SPLIT. ACKNOWLEDGEMENT: The vendor states in release notes for 0.10.12: "Fix for security advisory TKADV2009-0xx" which references the researcher, who states "Vendor has released an updated version" and notes the issue is resolved in the 0.10.12 release. ====================================================== Name: CVE-2009-0397 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0397 Acknowledged: yes changelog Announced: 20090122 Flaw: buf Reference: BUGTRAQ:20090122 [TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities Reference: URL:http://www.securityfocus.com/archive/1/archive/1/500317/100/0/threaded Reference: MLIST:[oss-security] 20090129 CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version) Reference: URL:http://www.openwall.com/lists/oss-security/2009/01/29/3 Reference: MISC:http://trapkit.de/advisories/TKADV2009-003.txt Reference: CONFIRM:http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53 Reference: CONFIRM:http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=481267 Reference: BID:33405 Reference: URL:http://www.securityfocus.com/bid/33405 Reference: FRSIRT:ADV-2009-0225 Reference: URL:http://www.frsirt.com/english/advisories/2009/0225 Reference: SECUNIA:33650 Reference: URL:http://secunia.com/advisories/33650 Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins) 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample (aka stts) atom data in a malformed QuickTime media .mov file. Analysis: ABSTRACTION: The researcher lists three issues in the advisory, two heap overflows and one array index error so these are SPLIT. ABSTRACTION: One of the heap overflows affects different products than the other, so they are SPLIT. ACKNOWLEDGEMENT: The vendor states in release notes for 0.10.12: "Fix for security advisory TKADV2009-0xx" which references the researcher, who states "Vendor has released an updated version" and notes the issue is resolved in the 0.10.12 release. WIKI: The MLIST:[oss-security] 20090129 indicates that vulnerability [C] is about "QuickTime 'stts' Atom parsing" but then says "QuickTime Sync Sample Atom parsing." This is incorrect. An stts atom is a "Time-to-sample atom." (An stss atom is a "Sync Sample Atom.") ====================================================== Name: CVE-2009-0398 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0398 Acknowledged: unknown Announced: 20090129 Flaw: other Reference: MLIST:[oss-security] 20090129 CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version) Reference: URL:http://www.openwall.com/lists/oss-security/2009/01/29/3 Array index error in the gst_qtp_trak_handler function in gst/qtdemux/qtdemux.c in GStreamer Plug-ins (aka gstreamer-plugins) 0.6.0 allows remote attackers to have an unknown impact via a crafted QuickTime media file.
Current thread:
- CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version) Jan Lieskovsky (Jan 29)
- Re: CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version) Steven M. Christey (Feb 03)