PYSEC-2009-16

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/gstreamer-plugins/PYSEC-2009-16.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2009-16

Aliases

CVE-2009-0397

Published

2009-02-03T11:30:00.780Z

Modified

2026-05-21T15:00:14.168166153Z

Summary

[none]

Details

Heap-based buffer overflow in the qtdemuxparsesamples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins) 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample (aka stts) atom data in a malformed QuickTime media .mov file.

References

Affected packages

PyPI / gstreamer-plugins

Package

Name: gstreamer-plugins; View open source insights on deps.dev
Purl: pkg:pypi/gstreamer-plugins

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

0.10.9

Last affected

0.10.10

Last affected

0.10.11

Last affected

0.8.5

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/gstreamer-plugins/PYSEC-2009-16.yaml"