Rapid7 Vulnerability & Exploit Database

RHSA-2009:0271: gstreamer-plugins-good security update

Back to Search

RHSA-2009:0271: gstreamer-plugins-good security update

Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
02/03/2009
Created
07/25/2018
Added
02/22/2009
Modified
07/04/2017

Description

GStreamer is a streaming media framework, based on graphs of filters whichoperate on media data. GStreamer Good Plug-ins is a collection ofwell-supported, GStreamer plug-ins of good quality released under the LGPLlicense.Multiple heap buffer overflows and an array indexing error were found inthe GStreamer's QuickTime media file format decoding plugin. An attackercould create a carefully-crafted QuickTime media .mov file that would causean application using GStreamer to crash or, potentially, execute arbitrarycode if played by a victim. (CVE-2009-0386, CVE-2009-0387, CVE-2009-0397)All users of gstreamer-plugins-good are advised to upgrade to these updatedpackages, which contain backported patches to correct these issues. Afterinstalling the update, all applications using GStreamer (such as totem orrhythmbox) must be restarted for the changes to take effect.

Solution(s)

  • redhat-upgrade-gstreamer-plugins-good
  • redhat-upgrade-gstreamer-plugins-good-devel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;