Multiple heap overflows in plug-in for GStreamer media framework
Modified QuickTime files can be used to provoke several heap overflows in the GStreamer Good Plug-in. Free Media players such as Totem and Amarok use the GStreamer framework for playing audio and video files. For a successful attack the victim must download a modified file and open it on an affected version.
The vulnerability has been fixed in version 0.10.12 and version 0.10.13 , which is also free of this bug, has already been released to fix an error that was not security related. The new versions are available for Linux distributions, however the Windows binaries are still on version 0.10.5. New versions are available to download from the GStreamer website.
- GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities, a report from Tobias Klein