Rapid7 Vulnerability & Exploit Database

RHSA-2009:0270: gstreamer-plugins security update


Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 02/03/2009
Created: 07/25/2018
Added: 02/22/2009
Modified: 07/04/2017

Description

The gstreamer-plugins package contains plugins used by the GStreamer streaming-media framework to support a wide variety of media types.

A heap buffer overflow was found in GStreamer's QuickTime media file format decoding plug-in. An attacker could create a carefully-crafted QuickTime media .mov file that would cause an application using GStreamer to crash or, potentially, execute arbitrary code if played by a victim. (CVE-2009-0397)

All users of gstreamer-plugins are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, all applications using GStreamer (such as rhythmbox) must be restarted for the changes to take effect.

Solution(s)

  • redhat-upgrade-gstreamer-plugins
  • redhat-upgrade-gstreamer-plugins-devel
