In association with heise online

26 January 2009, 12:01

Multiple heap overflows in plug-in for GStreamer media framework

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Modified QuickTime files can be used to provoke several heap overflows in the GStreamer Good Plug-in. Free Media players such as Totem and Amarok use the GStreamer framework for playing audio and video files. For a successful attack the victim must download a modified file and open it on an affected version.

The vulnerability has been fixed in version 0.10.12 and version 0.10.13 , which is also free of this bug, has already been released to fix an error that was not security related. The new versions are available for Linux distributions, however the Windows binaries are still on version 0.10.5. New versions are available to download from the GStreamer website.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit