CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 1CVE-2009-1932 – gstreamer-plugins-good: PNG decoder integer overflow
https://notcve.org/view.php?id=CVE-2009-1932
Multiple integer overflows in the (1) user_info_callback, (2) user_endrow_callback, and (3) gst_pngdec_task functions (ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PNG file, which triggers a buffer overflow. Múltiples desbordamientos de entero en las funciones (1) user_info_callback, (2) user_endrow_callback, (3) gst_pngdec_task en(ext/libpng/gstpngdec.c) enn GStreamer Good Plug-ins (también conocido como gst-plugins-good or gstreamer-plugins-good) v0.10.15, permite a atacante remotos provocar una denegación de servicio y posiblemente la ejecución de código de su elección a través de un archivo PNG manipulado lo que lanza un desbordamiento de entero. • http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=d9544bcc44adcef769cbdf7f6453e140058a3adc http://osvdb.org/54827 http://secunia.com/advisories/35205 http://secunia.com/advisories/35583 http://secunia.com/advisories/35777 http://secunia.com/advisories/35897 http://security.gentoo.org/glsa/glsa-200907-11.xml http://www.debian.org/security/2009/dsa-1839 http://www.mandriva.com/security/advisories?name=MDVSA-2009:130 http://www.redhat.com/support/errata/RHSA-2009-1123.htm • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 8%CPEs: 4EXPL: 2CVE-2009-0397 – gstreamer-plugins-good: heap-based buffer overflow while parsing malformed QuickTime media files via crafted Time-to-sample (stss) atom data
https://notcve.org/view.php?id=CVE-2009-0397
Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins) 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample (aka stts) atom data in a malformed QuickTime media .mov file. Vulnerabilidad de desbordamiento de búfer basado en montículo en la función qtdemux_parse_samples de gst/qtdemux/qtdemux.c de los "Plug-ins" (complementos) Good de GStreamer (también conocido como gst-plugins-good) en las versiones desde v0.10.9 a v0.10.11 y en los "Plug-ins" (complementos) (también conocido como gstreamer-plugins) de GStremaer v0.8.5. Permite a atacantes remotos la ejecución de código de su elección a través de la modificación del "atom data" (unidad básica de información en QuickTime) Time-to-sample (también conocido como stts) en un archivo mal formado de QuickTime media de extensión ".mov". • http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53 http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html http://secunia.com/advisories/33650 http://secunia.com/advisories/33815 http://secunia.com/advisories/33830 http://secunia.com/advisories/34336 http://secunia.com/advisories/35777 http://security.gentoo.org/glsa/glsa-200907-11.xml http://suppor • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 1CVE-2009-0398 – gstreamer-plugins: Array index error while parsing malformed QuickTime media files
https://notcve.org/view.php?id=CVE-2009-0398
Array index error in the gst_qtp_trak_handler function in gst/qtdemux/qtdemux.c in GStreamer Plug-ins (aka gstreamer-plugins) 0.6.0 allows remote attackers to have an unknown impact via a crafted QuickTime media file. Error de indice de selección en la función gst_qtp_trak_handler en gst/qtdemux/qtdemux.c en GStreamer Plug-ins (conocido como gstreamer-plugins) v0.6.0 permite a atacantes remotos provocar un impacto desconocido mediante un fichero multimedia de QuickTime manipulado. • http://secunia.com/advisories/33830 http://www.openwall.com/lists/oss-security/2009/01/29/3 http://www.redhat.com/support/errata/RHSA-2009-0269.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9886 https://access.redhat.com/security/cve/CVE-2009-0398 https://bugzilla.redhat.com/show_bug.cgi?id=483740 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 13%CPEs: 3EXPL: 1CVE-2009-0386 – gstreamer-plugins-good: heap-based buffer overflow while parsing malformed QuickTime media files via crafted Composition Time To Sample (aka ctts) atom data
https://notcve.org/view.php?id=CVE-2009-0386
Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers to execute arbitrary code via crafted Composition Time To Sample (ctts) atom data in a malformed QuickTime media .mov file. Desbordamiento de búfer basado en montón en la función qtdemux_parse_samples de gst/qtdemux/qtdemux.c de GStreamer Good Plug-ins (conocido como gst-plugins-good) v0.10.9 hasta v0.10.11 podría permitir a atacantes remotos ejecutar código de su elección mediante un dato básico Composition Time To Sample (ctts) manipulado, en un fichero .mov de QuickTime deformado. • http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53 http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html http://secunia.com/advisories/33650 http://secunia.com/advisories/33815 http://secunia.com/advisories/34336 http://secunia.com/advisories/35777 http://security.gentoo.org/glsa/glsa-200907-11.xml http://trapkit.de/advisories/TKADV2009-003.txt http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.3EPSS: 43%CPEs: 4EXPL: 1CVE-2009-0387 – gstreamer-plugins-good: Array index error while parsing malformed QuickTime media files via crafted Sync Sample (aka stss) atom data
https://notcve.org/view.php?id=CVE-2009-0387
Array index error in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted Sync Sample (aka stss) atom data in a malformed QuickTime media .mov file, related to "mark keyframes." Un error de indice en vector en la funcion qtdemux_parse_samples de gst/qtdemux/qtdemux.c en GStreamer Good Plug-ins (también conocido como gst-plugins-good) en sus versiones 0.10.9 a 0.10.11 permite a atacantes remotos provocar una denegación de servicio (que genera un fallo en la aplicación) y posiblemente ejecutar código arbitrario a través de los datos modificados de una Sync Sample (también conocido como STSS) en un fichero .mov de vídeo/audio de Quicktime debidamente modificado en relación con los "mark keyframes". • http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53 http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html http://secunia.com/advisories/33650 http://secunia.com/advisories/33815 http://secunia.com/advisories/34336 http://secunia.com/advisories/35777 http://security.gentoo.org/glsa/glsa-200907-11.xml http://trapkit.de/advisories/TKADV2009-003.txt http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •