VYPR
Unrated severityNVD Advisory· Published Feb 3, 2009· Updated Jun 16, 2026

CVE-2009-0397

CVE-2009-0397

Description

Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins) 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample (aka stts) atom data in a malformed QuickTime media .mov file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • cpe:2.3:a:gstreamer:good_plug-ins:0.10.10:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:gstreamer:good_plug-ins:0.10.10:*:*:*:*:*:*:*
    • cpe:2.3:a:gstreamer:good_plug-ins:0.10.11:*:*:*:*:*:*:*
    • cpe:2.3:a:gstreamer:good_plug-ins:0.10.9:*:*:*:*:*:*:*
    • (no CPE)range: 0.10.9 - 0.10.11
  • cpe:2.3:a:gstreamer:plug-ins:0.8.5:*:*:*:*:*:*:*
  • Range: 0.8.5

Patches

Vulnerability mechanics

References

22

News mentions

0

No linked articles in our index yet.