oss-sec mailing list archives

Re: CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version)

From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 3 Feb 2009 15:59:43 -0500 (EST)

All in all, we have 4 distinct CVE's for the gstreamer issues, partially
based on which bugs appear in gstreamer-plugins.

- Steve

======================================================
Name: CVE-2009-0386
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0386
Acknowledged: yes changelog
Announced: 20090122
Flaw: buf
Reference: BUGTRAQ:20090122 [TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/500317/100/0/threaded
Reference: MLIST:[oss-security] 20090129 CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details 
about affected versions -- final version)
Reference: URL:http://www.openwall.com/lists/oss-security/2009/01/29/3
Reference: MISC:http://trapkit.de/advisories/TKADV2009-003.txt
Reference: 
CONFIRM:http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53
Reference: CONFIRM:http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=481267
Reference: BID:33405
Reference: URL:http://www.securityfocus.com/bid/33405
Reference: FRSIRT:ADV-2009-0225
Reference: URL:http://www.frsirt.com/english/advisories/2009/0225
Reference: SECUNIA:33650
Reference: URL:http://secunia.com/advisories/33650

Heap-based buffer overflow in the qtdemux_parse_samples function in
gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka
gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers
to execute arbitrary code via crafted Composition Time To Sample
(ctts) atom data in a malformed QuickTime media .mov file.


Analysis:
ABSTRACTION: The researcher lists three issues in the advisory, two
heap overflows and one array index error so these are SPLIT.

ABSTRACTION: One of the heap overflows affects different products than
the other, so they are SPLIT.

ACKNOWLEDGEMENT: The vendor states in release notes for 0.10.12: "Fix
for security advisory TKADV2009-0xx" which references the researcher,
who states "Vendor has released an updated version" and notes the
issue is resolved in the 0.10.12 release.


======================================================
Name: CVE-2009-0387
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0387
Acknowledged: yes changelog
Announced: 20090122
Flaw: other
Reference: BUGTRAQ:20090122 [TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/500317/100/0/threaded
Reference: MLIST:[oss-security] 20090129 CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details 
about affected versions -- final version)
Reference: URL:http://www.openwall.com/lists/oss-security/2009/01/29/3
Reference: MISC:http://trapkit.de/advisories/TKADV2009-003.txt
Reference: 
CONFIRM:http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53
Reference: CONFIRM:http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=481267
Reference: BID:33405
Reference: URL:http://www.securityfocus.com/bid/33405
Reference: FRSIRT:ADV-2009-0225
Reference: URL:http://www.frsirt.com/english/advisories/2009/0225
Reference: SECUNIA:33650
Reference: URL:http://secunia.com/advisories/33650

Array index error in the qtdemux_parse_samples function in
gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka
gst-plugins-good) 0.10.9 through 0.10.11 allows remote attackers to
cause a denial of service (application crash) and possibly execute
arbitrary code via crafted Sync Sample (aka stss) atom data in a
malformed QuickTime media .mov file, related to "mark keyframes."


Analysis:
ABSTRACTION: The researcher lists three issues in the advisory, two
heap overflows and one array index error so these are SPLIT.

ACKNOWLEDGEMENT: The vendor states in release notes for 0.10.12: "Fix
for security advisory TKADV2009-0xx" which references the researcher,
who states "Vendor has released an updated version" and notes the
issue is resolved in the 0.10.12 release.


======================================================
Name: CVE-2009-0397
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0397
Acknowledged: yes changelog
Announced: 20090122
Flaw: buf
Reference: BUGTRAQ:20090122 [TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/500317/100/0/threaded
Reference: MLIST:[oss-security] 20090129 CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details 
about affected versions -- final version)
Reference: URL:http://www.openwall.com/lists/oss-security/2009/01/29/3
Reference: MISC:http://trapkit.de/advisories/TKADV2009-003.txt
Reference: 
CONFIRM:http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53
Reference: CONFIRM:http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=481267
Reference: BID:33405
Reference: URL:http://www.securityfocus.com/bid/33405
Reference: FRSIRT:ADV-2009-0225
Reference: URL:http://www.frsirt.com/english/advisories/2009/0225
Reference: SECUNIA:33650
Reference: URL:http://secunia.com/advisories/33650

Heap-based buffer overflow in the qtdemux_parse_samples function in
gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka
gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka
gstreamer-plugins) 0.8.5, might allow remote attackers to execute
arbitrary code via crafted Time-to-sample (aka stts) atom data in a
malformed QuickTime media .mov file.


Analysis:
ABSTRACTION: The researcher lists three issues in the advisory, two
heap overflows and one array index error so these are SPLIT.

ABSTRACTION: One of the heap overflows affects different products than
the other, so they are SPLIT.

ACKNOWLEDGEMENT: The vendor states in release notes for 0.10.12: "Fix
for security advisory TKADV2009-0xx" which references the researcher,
who states "Vendor has released an updated version" and notes the
issue is resolved in the 0.10.12 release.

WIKI: The MLIST:[oss-security] 20090129 indicates that vulnerability
[C] is about "QuickTime 'stts' Atom parsing" but then says "QuickTime
Sync Sample Atom parsing." This is incorrect. An stts atom is a
"Time-to-sample atom." (An stss atom is a "Sync Sample Atom.")


======================================================
Name: CVE-2009-0398
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0398
Acknowledged: unknown
Announced: 20090129
Flaw: other
Reference: MLIST:[oss-security] 20090129 CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details 
about affected versions -- final version)
Reference: URL:http://www.openwall.com/lists/oss-security/2009/01/29/3

Array index error in the gst_qtp_trak_handler function in
gst/qtdemux/qtdemux.c in GStreamer Plug-ins (aka gstreamer-plugins)
0.6.0 allows remote attackers to have an unknown impact via a crafted
QuickTime media file.
Current thread:

CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version) Jan Lieskovsky (Jan 29)
- Re: CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version) Steven M. Christey (Feb 03)