aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2019-07-23T11:54:09Z

[3.4] xen: Multiple issues (CVE-2017-8903, CVE-2017-8904, CVE-2017-8905)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7290
2019-07-23T11:54:09Z
Alicha CH

**CVE-2017-8903, XSA-213**: x86: 64bit PV guest breakout via pagetable
use-after-mode-change
### Reference:
http://xenbits.xen.org/xsa/advisory-213.html
**CVE-2017-8904, XSA-214**: grant transfer allows PV guest to elevate
privileges
### References:
http://xenbits.xen.org/xsa/advisory-214.html
**CVE-2017-8905, XSA-215**: possible memory corruption via failsafe
callback
### Reference:
http://xenbits.xen.org/xsa/advisory-215.html
*(from redmine: issue id 7290, created on 2017-05-18, closed on 2017-06-16)*
* Relations:
* parent #7287
* Changesets:
* Revision 7f989732c4db2c7fa917bf58b0dd9b931dc2b9a5 on 2017-06-15T13:19:20Z:
```
main/xen: security fixes #7290
CVE-2017-8903, CVE-2017-8904, CVE-2017-8905
```
3.4.7
Ariadne Conill ariadne@ariadne.space

[3.5] xen: Multiple issues (CVE-2017-8903, CVE-2017-8904)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7289
2019-07-23T11:54:10Z
Alicha CH

**CVE-2017-8903, XSA-213**: x86: 64bit PV guest breakout via pagetable
use-after-mode-change
### Reference:
http://xenbits.xen.org/xsa/advisory-213.html
**CVE-2017-8904, XSA-214**: grant transfer allows PV guest to elevate
privileges
### References:
http://xenbits.xen.org/xsa/advisory-214.html
*(from redmine: issue id 7289, created on 2017-05-18, closed on 2017-06-16)*
* Relations:
* parent #7287
* Changesets:
* Revision 231b8648691a0c1f456d8f87e56bd6480fb4a0bc on 2017-06-15T13:00:38Z:
```
main/xen: security fixes #7289
CVE-2017-8903, CVE-2017-8904, CVE-2017-8905
```
3.5.3
Ariadne Conill ariadne@ariadne.space

[3.6] xen: Multiple issues (CVE-2017-8903, CVE-2017-8904)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7288
2019-07-23T11:54:11Z
Alicha CH

**CVE-2017-8903, XSA-213**: x86: 64bit PV guest breakout via pagetable
use-after-mode-change
### Reference:
http://xenbits.xen.org/xsa/advisory-213.html
**CVE-2017-8904, XSA-214**: grant transfer allows PV guest to elevate
privileges
### References:
http://xenbits.xen.org/xsa/advisory-214.html
*(from redmine: issue id 7288, created on 2017-05-18, closed on 2017-06-16)*
* Relations:
* parent #7287
* Changesets:
* Revision 02f653dc5c3514c817450fa2f88a49c1bda04244 by Carlo Landmeter on 2017-05-22T11:25:34Z:
```
main/xen: sec fixes XSA-213 XSA-214
fixes #7288
```
3.6.0
Ariadne Conill ariadne@ariadne.space

xen: Multiple issues (CVE-2017-8903, CVE-2017-8904, CVE-2017-8905)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7287
2019-07-23T11:54:13Z
Alicha CH

**CVE-2017-8903, XSA-213**: x86: 64bit PV guest breakout via pagetable
use-after-mode-change
### Reference:
http://xenbits.xen.org/xsa/advisory-213.html
**CVE-2017-8904, XSA-214**: grant transfer allows PV guest to elevate
privileges
### References:
http://xenbits.xen.org/xsa/advisory-214.html
**CVE-2017-8905, XSA-215**: possible memory corruption via failsafe
callback
### Reference:
http://xenbits.xen.org/xsa/advisory-215.html
*(from redmine: issue id 7287, created on 2017-05-18, closed on 2017-06-16)*
* Relations:
* child #7288
* child #7289
* child #7290
* child #7291
* child #7292

Ariadne Conill ariadne@ariadne.space

[3.2] freetype: Multiple vulnerabilities (CVE-2016-10244, CVE-2017-8105, CVE-2017-8287)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7270
2019-07-23T11:54:24Z
Alicha CH

CVE-2016-10244: parse\_charstrings function in type1/t1load.c does not ensure that a font contains a glyph name
---------------------------------------------------------------------------------------------------------------
### References:
https://nvd.nist.gov/vuln/detail/CVE-2016-10244
### Patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1load.c?h=VER-2-7&id=a660e3de422731b94d4a134d27555430cbb6fb39
CVE-2017-8105: heap-based buffer overflow related to the t1\_decoder\_parse\_charstrings
----------------------------------------------------------------------------------------
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-8105
### Patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791
CVE-2017-8287: heap-based buffer overflow related to the t1\_builder\_close\_contour function
---------------------------------------------------------------------------------------------
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-8287
### Patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0
*(from redmine: issue id 7270, created on 2017-05-04, closed on 2017-06-16)*
* Relations:
* parent #7266
* Changesets:
* Revision e4bb22b94325a5d26f07a717475760c410e49f25 on 2017-06-15T13:49:28Z:
```
main/freetype: security fixes #7270
CVE-2016-10244, CVE-2017-8105, CVE-2017-8287
```
3.2.4
Carlo Landmeter

[3.3] freetype: Multiple vulnerabilities (CVE-2016-10244, CVE-2017-8105, CVE-2017-8287)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7269
2019-07-23T11:54:25Z
Alicha CH

CVE-2016-10244: parse\_charstrings function in type1/t1load.c does not ensure that a font contains a glyph name
---------------------------------------------------------------------------------------------------------------
### References:
https://nvd.nist.gov/vuln/detail/CVE-2016-10244
### Patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1load.c?h=VER-2-7&id=a660e3de422731b94d4a134d27555430cbb6fb39
CVE-2017-8105: heap-based buffer overflow related to the t1\_decoder\_parse\_charstrings
----------------------------------------------------------------------------------------
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-8105
### Patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791
CVE-2017-8287: heap-based buffer overflow related to the t1\_builder\_close\_contour function
---------------------------------------------------------------------------------------------
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-8287
### Patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0
*(from redmine: issue id 7269, created on 2017-05-04, closed on 2017-06-16)*
* Relations:
* parent #7266
* Changesets:
* Revision c5817a33b6ca1ed535e773a879e359fb32c39aa1 on 2017-06-15T13:45:24Z:
```
main/freetype: upgrade to 2.6.3. Security fixes #7269
CVE-2016-10244, CVE-2017-8105, CVE-2017-8287
```
3.3.4
Carlo Landmeter

[3.4] freetype: Multiple vulnerabilities (CVE-2016-10244, CVE-2017-8105, CVE-2017-8287)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7268
2019-07-23T11:54:27Z
Alicha CH

CVE-2016-10244: parse\_charstrings function in type1/t1load.c does not ensure that a font contains a glyph name
---------------------------------------------------------------------------------------------------------------
### References:
https://nvd.nist.gov/vuln/detail/CVE-2016-10244
### Patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1load.c?h=VER-2-7&id=a660e3de422731b94d4a134d27555430cbb6fb39
CVE-2017-8105: heap-based buffer overflow related to the t1\_decoder\_parse\_charstrings
----------------------------------------------------------------------------------------
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-8105
### Patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791
CVE-2017-8287: heap-based buffer overflow related to the t1\_builder\_close\_contour function
---------------------------------------------------------------------------------------------
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-8287
### Patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0
*(from redmine: issue id 7268, created on 2017-05-04, closed on 2017-06-16)*
* Relations:
* parent #7266
* Changesets:
* Revision b214882eb550b57e1a6f1c44dfdd338ad11850f9 on 2017-06-15T13:38:18Z:
```
main/freetype: security fixes #7268
CVE-2016-10244, CVE-2017-8105, CVE-2017-8287
```
3.4.7
Carlo Landmeter

[3.5] freetype: Multiple vulnerabilities (CVE-2016-10244, CVE-2017-8105, CVE-2017-8287)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7267
2019-07-23T11:54:28Z
Alicha CH

CVE-2016-10244: parse\_charstrings function in type1/t1load.c does not ensure that a font contains a glyph name
---------------------------------------------------------------------------------------------------------------
### References:
https://nvd.nist.gov/vuln/detail/CVE-2016-10244
### Patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1load.c?h=VER-2-7&id=a660e3de422731b94d4a134d27555430cbb6fb39
CVE-2017-8105: heap-based buffer overflow related to the t1\_decoder\_parse\_charstrings
----------------------------------------------------------------------------------------
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-8105
### Patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791
CVE-2017-8287: heap-based buffer overflow related to the t1\_builder\_close\_contour function
---------------------------------------------------------------------------------------------
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-8287
### Patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0
*(from redmine: issue id 7267, created on 2017-05-04, closed on 2017-06-16)*
* Relations:
* parent #7266
* Changesets:
* Revision 1050b6acec33be8e4a2e6838971c4861b62bbf9d by Daniel Sabogal on 2017-05-05T07:09:56Z:
```
main/freetype: security fixes #7267 (CVE-2017-8105, CVE-2017-8287)
CVE-2016-10244 is already fixed in this release
```
3.5.3
Carlo Landmeter

freetype: Multiple vulnerabilities (CVE-2016-10244, CVE-2017-8105, CVE-2017-8287)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7266
2019-07-23T11:54:29Z
Alicha CH

CVE-2016-10244: parse\_charstrings function in type1/t1load.c does not ensure that a font contains a glyph name
---------------------------------------------------------------------------------------------------------------
### References:
https://nvd.nist.gov/vuln/detail/CVE-2016-10244
### Patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1load.c?h=VER-2-7&id=a660e3de422731b94d4a134d27555430cbb6fb39
CVE-2017-8105: heap-based buffer overflow related to the t1\_decoder\_parse\_charstrings
----------------------------------------------------------------------------------------
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-8105
### Patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791
CVE-2017-8287: heap-based buffer overflow related to the t1\_builder\_close\_contour function
---------------------------------------------------------------------------------------------
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-8287
### Patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0
*(from redmine: issue id 7266, created on 2017-05-04, closed on 2017-06-16)*
* Relations:
* child #7267
* child #7268
* child #7269
* child #7270

Carlo Landmeter

[3.4] gst-plugins-ugly1: Multiple issues (CVE-2017-5846, CVE-2017-5847)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7240
2019-07-23T11:54:42Z
Alicha CH

**CVE-2017-5846**: The gst\_asf\_demux\_process\_ext\_stream\_props
function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer
before 1.10.3
allows remote attackers to cause a denial of service (invalid memory
read and crash) via vectors related to the number of languages in a
video file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5846
http://www.openwall.com/lists/oss-security/2017/02/01/7
### Patch:
https://cgit.freedesktop.org/gstreamer/gst-plugins-ugly/commit/?id=dec880031d16f1ee4919a36f49298419246cf6a8
**CVE-2017-5847**: The
gst\_asf\_demux\_process\_ext\_content\_desc function in
gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in
GStreamer allows remote attackers to cause a denial of service
(out-of-bounds heap read) via vectors involving extended content
descriptors.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5847
### Patch:
https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37
*(from redmine: issue id 7240, created on 2017-04-26, closed on 2017-05-02)*
* Relations:
* parent #7237
* Changesets:
* Revision 01c266e211afee4f4248e5ebb976b1be1e8d332b on 2017-05-01T07:19:56Z:
```
main/gst-plugins-ugly1: upgrade to 1.8.3 -fixes #7240
```
3.4.7
Natanael Copa

[3.5] gst-plugins-ugly1: Multiple issues (CVE-2017-5846, CVE-2017-5847)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7239
2019-07-23T11:54:43Z
Alicha CH

**CVE-2017-5846**: The gst\_asf\_demux\_process\_ext\_stream\_props
function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer
before 1.10.3
allows remote attackers to cause a denial of service (invalid memory
read and crash) via vectors related to the number of languages in a
video file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5846
http://www.openwall.com/lists/oss-security/2017/02/01/7
### Patch:
https://cgit.freedesktop.org/gstreamer/gst-plugins-ugly/commit/?id=dec880031d16f1ee4919a36f49298419246cf6a8
**CVE-2017-5847**: The
gst\_asf\_demux\_process\_ext\_content\_desc function in
gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in
GStreamer allows remote attackers to cause a denial of service
(out-of-bounds heap read) via vectors involving extended content
descriptors.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5847
### Patch:
https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37
*(from redmine: issue id 7239, created on 2017-04-26, closed on 2017-05-02)*
* Relations:
* parent #7237
* Changesets:
* Revision ae910415f7f4a4221f783883783dd364d040eaa4 on 2017-05-01T07:13:38Z:
```
main/gst-plugins-ugly1: upgrade to 1.8.3 - fixes #7239
CVE-2017-5846, CVE-2017-5847
```
3.5.3
Natanael Copa

[3.6] gst-plugins-ugly1: Multiple issues (CVE-2017-5846, CVE-2017-5847)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7238
2019-07-23T11:54:44Z
Alicha CH

**CVE-2017-5846**: The gst\_asf\_demux\_process\_ext\_stream\_props
function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer
before 1.10.3
allows remote attackers to cause a denial of service (invalid memory
read and crash) via vectors related to the number of languages in a
video file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5846
http://www.openwall.com/lists/oss-security/2017/02/01/7
### Patch:
https://cgit.freedesktop.org/gstreamer/gst-plugins-ugly/commit/?id=dec880031d16f1ee4919a36f49298419246cf6a8
**CVE-2017-5847**: The
gst\_asf\_demux\_process\_ext\_content\_desc function in
gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in
GStreamer allows remote attackers to cause a denial of service
(out-of-bounds heap read) via vectors involving extended content
descriptors.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5847
### Patch:
https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37
*(from redmine: issue id 7238, created on 2017-04-26, closed on 2017-05-02)*
* Relations:
* parent #7237
* Changesets:
* Revision b8a7d654872e2cbbcd72060ff253170be3c8f1ba on 2017-04-28T14:47:30Z:
```
main/gst-plugins-ugly1: security upgrade 1.10.4 - fixes #7238
CVE-2017-5846, CVE-2017-5847
Add check()
```
3.6.0
Natanael Copa

gst-plugins-ugly1: Multiple issues (CVE-2017-5846, CVE-2017-5847)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7237
2019-07-23T11:54:45Z
Alicha CH

**CVE-2017-5846**: The gst\_asf\_demux\_process\_ext\_stream\_props
function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer
before 1.10.3
allows remote attackers to cause a denial of service (invalid memory
read and crash) via vectors related to the number of languages in a
video file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5846
http://www.openwall.com/lists/oss-security/2017/02/01/7
### Patch:
https://cgit.freedesktop.org/gstreamer/gst-plugins-ugly/commit/?id=dec880031d16f1ee4919a36f49298419246cf6a8
**CVE-2017-5847**: The
gst\_asf\_demux\_process\_ext\_content\_desc function in
gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in
GStreamer allows remote attackers to cause a denial of service
(out-of-bounds heap read) via vectors involving extended content
descriptors.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5847
### Patch:
https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37
*(from redmine: issue id 7237, created on 2017-04-26, closed on 2017-05-02)*
* Relations:
* child #7238
* child #7239
* child #7240
* child #7241
* child #7242

Natanael Copa

[3.4] gst-plugins-base1: Multiple vulnerabilities (CVE-2016-9811, CVE-2017-5837, CVE-2017-5839, CVE-2017-5842, CVE-2017-5844)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7228
2019-07-23T11:54:47Z
Alicha CH

**CVE-2016-9811**: The windows\_icon\_typefind function in
gst-plugins-base in GStreamer before 1.10.2, when G\_SLICE is set to
always-malloc, allows remote attackers to cause a denial of service
(out-of-bounds read) via a crafted ico file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2016-9811
### Patch:
https://github.com/GStreamer/gst-plugins-base/commit/2fdccfd64fc609e44e9c4b8eed5bfdc0ab9c9095
**CVE-2017-5837**: The gst\_riff\_create\_audio\_caps function in
gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before
1.10.3
allows remote attackers to cause a denial of service (floating point
exception and crash) via a crafted video file.
### References:
http://www.openwall.com/lists/oss-security/2017/02/01/7
https://nvd.nist.gov/vuln/detail/CVE-2017-5837
### Patch:
https://github.com/GStreamer/gst-plugins-base/commit/81d3ba3fa212bb25fe2ac661993887c4b69af6f1
**CVE-2017-5839**: The gst\_riff\_create\_audio\_caps function in
gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before
1.10.3 does not properly
limit recursion, which allows remote attackers to cause a denial of
service (stack overflow and crash) via vectors involving nested
WAVEFORMATEX.
### References:
http://www.openwall.com/lists/oss-security/2017/02/01/7
https://nvd.nist.gov/vuln/detail/CVE-2017-5839
### Patch:
https://github.com/GStreamer/gst-plugins-base/commit/ef55c8a
**CVE-2017-5842**: The html\_context\_handle\_element function in
gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3
allows remote
attackers to cause a denial of service (out-of-bounds write) via a
crafted SMI file, as demonstrated by OneNote\_Manager.smi.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5842
### Patch:
https://github.com/GStreamer/gst-plugins-base/commit/d894c19
**CVE-2017-5844**: The gst\_riff\_create\_audio\_caps function in
gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before
1.10.3 allows
remote attackers to cause a denial of service (floating point exception
and crash) via a crafted ASF file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5844
### Patch:
https://github.com/GStreamer/gst-plugins-base/commit/5d505d108800cef210f67dcfed2801ba36beac2a
*(from redmine: issue id 7228, created on 2017-04-26, closed on 2017-05-02)*
* Relations:
* parent #7226
* Changesets:
* Revision 6ab23d65ce6f9c882e4efe3db6202a2b3ec58343 on 2017-04-28T14:41:20Z:
```
main/gst-plugins-base1: upgrade to 1.8.3 - fixes #7228
CVE-2016-9811, CVE-2017-5837, CVE-2017-5839, CVE-2017-5842, CVE-2017-5844
```
3.4.7
Natanael Copa

[3.5] gst-plugins-base1: Multiple vulnerabilities (CVE-2016-9811, CVE-2017-5837, CVE-2017-5839, CVE-2017-5842, CVE-2017-5844)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7227
2019-07-23T11:54:48Z
Alicha CH

**CVE-2016-9811**: The windows\_icon\_typefind function in
gst-plugins-base in GStreamer before 1.10.2, when G\_SLICE is set to
always-malloc, allows remote attackers to cause a denial of service
(out-of-bounds read) via a crafted ico file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2016-9811
### Patch:
https://github.com/GStreamer/gst-plugins-base/commit/2fdccfd64fc609e44e9c4b8eed5bfdc0ab9c9095
**CVE-2017-5837**: The gst\_riff\_create\_audio\_caps function in
gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before
1.10.3
allows remote attackers to cause a denial of service (floating point
exception and crash) via a crafted video file.
### References:
http://www.openwall.com/lists/oss-security/2017/02/01/7
https://nvd.nist.gov/vuln/detail/CVE-2017-5837
### Patch:
https://github.com/GStreamer/gst-plugins-base/commit/81d3ba3fa212bb25fe2ac661993887c4b69af6f1
**CVE-2017-5839**: The gst\_riff\_create\_audio\_caps function in
gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before
1.10.3 does not properly
limit recursion, which allows remote attackers to cause a denial of
service (stack overflow and crash) via vectors involving nested
WAVEFORMATEX.
### References:
http://www.openwall.com/lists/oss-security/2017/02/01/7
https://nvd.nist.gov/vuln/detail/CVE-2017-5839
### Patch:
https://github.com/GStreamer/gst-plugins-base/commit/ef55c8a
**CVE-2017-5842**: The html\_context\_handle\_element function in
gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3
allows remote
attackers to cause a denial of service (out-of-bounds write) via a
crafted SMI file, as demonstrated by OneNote\_Manager.smi.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5842
### Patch:
https://github.com/GStreamer/gst-plugins-base/commit/d894c19
**CVE-2017-5844**: The gst\_riff\_create\_audio\_caps function in
gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before
1.10.3 allows
remote attackers to cause a denial of service (floating point exception
and crash) via a crafted ASF file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5844
### Patch:
https://github.com/GStreamer/gst-plugins-base/commit/5d505d108800cef210f67dcfed2801ba36beac2a
*(from redmine: issue id 7227, created on 2017-04-26, closed on 2017-05-02)*
* Relations:
* parent #7226
* Changesets:
* Revision 8901f4a1a9cb2e4c61387c538b5ceb2be48cebf1 on 2017-04-28T14:20:43Z:
```
main/gst-plugins-base1: upgrade to 1.8.3 - fixes #7227
CVE-2016-9811, CVE-2017-5837, CVE-2017-5839, CVE-2017-5842, CVE-2017-5844
```
3.5.3
Natanael Copa

gst-plugins-base1: Multiple vulnerabilities (CVE-2016-9811, CVE-2017-5837, CVE-2017-5839, CVE-2017-5842, CVE-2017-5844)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7226
2019-07-23T11:54:49Z
Alicha CH

**CVE-2016-9811**: The windows\_icon\_typefind function in
gst-plugins-base in GStreamer before 1.10.2, when G\_SLICE is set to
always-malloc, allows remote attackers to cause a denial of service
(out-of-bounds read) via a crafted ico file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2016-9811
### Patch:
https://github.com/GStreamer/gst-plugins-base/commit/2fdccfd64fc609e44e9c4b8eed5bfdc0ab9c9095
**CVE-2017-5837**: The gst\_riff\_create\_audio\_caps function in
gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before
1.10.3
allows remote attackers to cause a denial of service (floating point
exception and crash) via a crafted video file.
### References:
http://www.openwall.com/lists/oss-security/2017/02/01/7
https://nvd.nist.gov/vuln/detail/CVE-2017-5837
### Patch:
https://github.com/GStreamer/gst-plugins-base/commit/81d3ba3fa212bb25fe2ac661993887c4b69af6f1
**CVE-2017-5839**: The gst\_riff\_create\_audio\_caps function in
gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before
1.10.3 does not properly
limit recursion, which allows remote attackers to cause a denial of
service (stack overflow and crash) via vectors involving nested
WAVEFORMATEX.
### References:
http://www.openwall.com/lists/oss-security/2017/02/01/7
https://nvd.nist.gov/vuln/detail/CVE-2017-5839
### Patch:
https://github.com/GStreamer/gst-plugins-base/commit/ef55c8a
**CVE-2017-5842**: The html\_context\_handle\_element function in
gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3
allows remote
attackers to cause a denial of service (out-of-bounds write) via a
crafted SMI file, as demonstrated by OneNote\_Manager.smi.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5842
### Patch:
https://github.com/GStreamer/gst-plugins-base/commit/d894c19
**CVE-2017-5844**: The gst\_riff\_create\_audio\_caps function in
gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before
1.10.3 allows
remote attackers to cause a denial of service (floating point exception
and crash) via a crafted ASF file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5844
### Patch:
https://github.com/GStreamer/gst-plugins-base/commit/5d505d108800cef210f67dcfed2801ba36beac2a
*(from redmine: issue id 7226, created on 2017-04-26, closed on 2017-05-02)*
* Relations:
* child #7227
* child #7228
* child #7229
* child #7230

Natanael Copa

[3.4] gst-plugins-bad1: Multiple issues (CVE-2016-9809, CVE-2016-9812, CVE-2016-9813, CVE-2017-5843, CVE-2017-5848)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7217
2019-07-23T11:54:50Z
Alicha CH

**CVE-2016-9809**: Off-by-one read in gst\_h264\_parse\_set\_caps
Off-by-one error in the gst\_h264\_parse\_set\_caps function in
GStreamer before 1.10.2 allows remote
attackers to have unspecified impact via a crafted file, which triggers
an out-of-bounds read.
### References:
http://seclists.org/oss-sec/2016/q4/589
### Patch:
https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=1dbfef93d6aca245f1793f9b5348a9dbcd02be97
**CVE-2016-9812**: Out-of-bounds read in gst\_mpegts\_section\_new
The gst\_mpegts\_section\_new function in the mpegts decoder in
GStreamer before 1.10.2 allows remote
attackers to cause a denial of service (out-of-bounds read) via a too
small section.
### References:
http://seclists.org/oss-sec/2016/q4/589
https://nvd.nist.gov/vuln/detail/CVE-2016-9812
### Patch:
https://github.com/GStreamer/gst-plugins-bad/commit/d58f668ece8795bddb3316832e1848c7b7cf38ac
**CVE-2016-9813**: NULL pointer dereference in mpegts parser
The \_parse\_pat function in the mpegts parser in GStreamer before
1.10.2 allows remote attackers
to cause a denial of service (NULL pointer dereference and crash) via a
crafted file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2016-9813
http://seclists.org/oss-sec/2016/q4/589
### Patch:
https://github.com/GStreamer/gst-plugins-bad/commit/7b12593cceaa0726d7fc370a7556a8e773ccf318
**CVE-2017-5843**: Multiple use-after-free vulnerabilities in the (1)
gst\_mini\_object\_unref, (2) gst\_tag\_list\_unref, and (3)
gst\_mxf\_demux\_update\_essence\_tracks
functions in GStreamer before 1.10.3 allow remote attackers to cause a
denial of service (crash) via vectors involving stream tags, as
demonstrated by 02785736.mxf.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5843
### Patch:
https://github.com/GStreamer/gst-plugins-bad/commit/08723e6
**CVE-2017-5848**: Invalid memory read in gst\_ps\_demux\_parse\_psm
### References:
http://seclists.org/oss-sec/2017/q1/284
http://www.openwall.com/lists/oss-security/2017/02/01/7
### Patch:
https://github.com/GStreamer/gst-plugins-bad/commit/948b87bf1514de
*(from redmine: issue id 7217, created on 2017-04-26, closed on 2017-05-02)*
* Relations:
* parent #7215
* Changesets:
* Revision bca04acd0fb5dac825666421ee8beb3d74a80cd0 on 2017-04-28T14:06:34Z:
```
main/gst-plugins-bad1: upgrade to 1.8.3 - partially fixes #7217
CVE-2016-9809, CVE-2016-9812, CVE-2016-9813, CVE-2017-5843
Not fixed: CVE-2017-5848
```
3.4.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7216
[3.5] gst-plugins-bad1: Multiple issues (CVE-2016-9809, CVE-2016-9812, CVE-2016-9813, CVE-2017-5843, CVE-2017-5848)
2019-07-23T11:54:51Z
Alicha CH

**CVE-2016-9809**: Off-by-one read in gst\_h264\_parse\_set\_caps
Off-by-one error in the gst\_h264\_parse\_set\_caps function in
GStreamer before 1.10.2 allows remote
attackers to have unspecified impact via a crafted file, which triggers
an out-of-bounds read.
### References:
http://seclists.org/oss-sec/2016/q4/589
### Patch:
https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=1dbfef93d6aca245f1793f9b5348a9dbcd02be97
**CVE-2016-9812**: Out-of-bounds read in gst\_mpegts\_section\_new
The gst\_mpegts\_section\_new function in the mpegts decoder in
GStreamer before 1.10.2 allows remote
attackers to cause a denial of service (out-of-bounds read) via a too
small section.
### References:
http://seclists.org/oss-sec/2016/q4/589
https://nvd.nist.gov/vuln/detail/CVE-2016-9812
### Patch:
https://github.com/GStreamer/gst-plugins-bad/commit/d58f668ece8795bddb3316832e1848c7b7cf38ac
**CVE-2016-9813**: NULL pointer dereference in mpegts parser
The \_parse\_pat function in the mpegts parser in GStreamer before
1.10.2 allows remote attackers
to cause a denial of service (NULL pointer dereference and crash) via a
crafted file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2016-9813
http://seclists.org/oss-sec/2016/q4/589
### Patch:
https://github.com/GStreamer/gst-plugins-bad/commit/7b12593cceaa0726d7fc370a7556a8e773ccf318
**CVE-2017-5843**: Multiple use-after-free vulnerabilities in the (1)
gst\_mini\_object\_unref, (2) gst\_tag\_list\_unref, and (3)
gst\_mxf\_demux\_update\_essence\_tracks
functions in GStreamer before 1.10.3 allow remote attackers to cause a
denial of service (crash) via vectors involving stream tags, as
demonstrated by 02785736.mxf.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5843
### Patch:
https://github.com/GStreamer/gst-plugins-bad/commit/08723e6
**CVE-2017-5848**: Invalid memory read in gst\_ps\_demux\_parse\_psm
### References:
http://seclists.org/oss-sec/2017/q1/284
http://www.openwall.com/lists/oss-security/2017/02/01/7
### Patch:
https://github.com/GStreamer/gst-plugins-bad/commit/948b87bf1514de
*(from redmine: issue id 7216, created on 2017-04-26, closed on 2017-05-02)*
* Relations:
* parent #7215
* Changesets:
* Revision 630d0cc2c0cb13094fcb6e5b2309cc517da70188 on 2017-04-28T14:01:57Z:
```
main/gst-plugins-bad1: upgrade to 1.8.3 - partially fixes #7216
CVE-2016-9809, CVE-2016-9812, CVE-2016-9813, CVE-2017-5843
Not fixed: CVE-2017-5848
```
3.5.3
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7215
gst-plugins-bad1: Multiple issues (CVE-2016-9809, CVE-2016-9812, CVE-2016-9813, CVE-2017-5843, CVE-2017-5848)
2019-07-23T11:54:53Z
Alicha CH

**CVE-2016-9809**: Off-by-one read in gst\_h264\_parse\_set\_caps
Off-by-one error in the gst\_h264\_parse\_set\_caps function in
GStreamer before 1.10.2 allows remote
attackers to have unspecified impact via a crafted file, which triggers
an out-of-bounds read.
### References:
http://seclists.org/oss-sec/2016/q4/589
### Patch:
https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=1dbfef93d6aca245f1793f9b5348a9dbcd02be97
**CVE-2016-9812**: Out-of-bounds read in gst\_mpegts\_section\_new
The gst\_mpegts\_section\_new function in the mpegts decoder in
GStreamer before 1.10.2 allows remote
attackers to cause a denial of service (out-of-bounds read) via a too
small section.
### References:
http://seclists.org/oss-sec/2016/q4/589
https://nvd.nist.gov/vuln/detail/CVE-2016-9812
### Patch:
https://github.com/GStreamer/gst-plugins-bad/commit/d58f668ece8795bddb3316832e1848c7b7cf38ac
**CVE-2016-9813**: NULL pointer dereference in mpegts parser
The \_parse\_pat function in the mpegts parser in GStreamer before
1.10.2 allows remote attackers
to cause a denial of service (NULL pointer dereference and crash) via a
crafted file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2016-9813
http://seclists.org/oss-sec/2016/q4/589
### Patch:
https://github.com/GStreamer/gst-plugins-bad/commit/7b12593cceaa0726d7fc370a7556a8e773ccf318
**CVE-2017-5843**: Multiple use-after-free vulnerabilities in the (1)
gst\_mini\_object\_unref, (2) gst\_tag\_list\_unref, and (3)
gst\_mxf\_demux\_update\_essence\_tracks
functions in GStreamer before 1.10.3 allow remote attackers to cause a
denial of service (crash) via vectors involving stream tags, as
demonstrated by 02785736.mxf.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5843
### Patch:
https://github.com/GStreamer/gst-plugins-bad/commit/08723e6
**CVE-2017-5848**: Invalid memory read in gst\_ps\_demux\_parse\_psm
### References:
http://seclists.org/oss-sec/2017/q1/284
http://www.openwall.com/lists/oss-security/2017/02/01/7
### Patch:
https://github.com/GStreamer/gst-plugins-bad/commit/948b87bf1514de
*(from redmine: issue id 7215, created on 2017-04-26, closed on 2017-05-02)*
* Relations:
* child #7216
* child #7217
* child #7218
* child #7219

Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7206
[3.4] gst-plugins-good1: Multiple vulnerabilities (CVE-2016-10198, CVE-2016-10199, CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808, CVE-2017-5840, CVE-2017-5841, CVE-2017-5845)
2019-07-23T11:54:54Z
Alicha CH

**CVE-2016-9634, CVE-2016-9635, CVE-2016-9636**: Heap-based buffer
overflow in the flx\_decode\_delta\_fli function in gst/flx/gstflxdec.c
in the FLIC decoder in GStreamer
before 1.10.2 allows remote attackers to execute arbitrary code or cause
a denial of service (application crash) via the start\_line parameter.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2016-9634
https://nvd.nist.gov/vuln/detail/CVE-2016-9635
https://nvd.nist.gov/vuln/detail/CVE-2016-9636
### Patches:
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bf43f44fcfada5ec4a3ce60cb374340486fe9fac
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
**CVE-2016-9808**: The FLIC decoder in GStreamer before 1.10.2 allows
remote attackers to cause a denial of service
(out-of-bounds write and crash) via a crafted series of skip and count
pairs.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2016-9808
### Patch:
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
**CVE-2016-10198**: The gst\_aac\_parse\_sink\_setcaps function in
gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before
1.10.3
allows remote attackers to cause a denial of service (invalid memory
read and crash) via a crafted audio file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2016-10198
### Patch:
https://github.com/GStreamer/gst-plugins-good/commit/87a2c140ca54c5128093377e9b25a5c24b346727
**CVE-2016-10199**: The qtdemux\_tag\_add\_str\_full function in
gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3
allows remote attackers to cause a denial of service (out-of-bounds read
and crash) via a crafted tag value.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2016-10199
### Patch:
https://github.com/GStreamer/gst-plugins-good/commit/d0949baf3dadea6021d54abef6802fed5a06af75
**CVE-2017-5840**: The qtdemux\_parse\_samples function in
gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3
allows remote attackers to cause a denial of service (out-of-bounds heap
read) via vectors involving the current stts index.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5840
http://www.openwall.com/lists/oss-security/2017/02/01/7
### Patches:
https://github.com/GStreamer/gst-plugins-good/commit/99d5d75
https://github.com/GStreamer/gst-plugins-good/commit/1ffef8b
**CVE-2017-5841**: The gst\_avi\_demux\_parse\_ncdt function in
gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3
allows remote attackers to cause a denial of service (out-of-bounds heap
read) via vectors involving ncdt tags.
### References:
http://www.openwall.com/lists/oss-security/2017/02/01/7
https://nvd.nist.gov/vuln/detail/CVE-2017-5841
### Patch:
https://github.com/GStreamer/gst-plugins-good/commit/32d9f3c
**CVE-2017-5845**: The gst\_avi\_demux\_parse\_ncdt function in
gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3
allows remote attackers to cause a denial of service (invalid memory
read and crash) via a ncdt sub-tag that “goes behind” the surrounding
tag.
### References:
http://www.openwall.com/lists/oss-security/2017/02/01/7
https://nvd.nist.gov/vuln/detail/CVE-2017-5845
### Patch:
https://github.com/GStreamer/gst-plugins-good/commit/4f47835
*(from redmine: issue id 7206, created on 2017-04-26, closed on 2017-05-02)*
* Relations:
* parent #7204
* Changesets:
* Revision 65a9c6cbf0d7b61eb2ac4941fc9e20ed1316638e on 2017-04-28T13:01:40Z:
```
main/gst-plugins-good1: upgrade to 1.8.3 - fixes #7206
CVE-2016-10198, CVE-2016-10199, CVE-2016-9634, CVE-2016-9635,
CVE-2016-9636, CVE-2016-9808, CVE-2017-5840, CVE-2017-5841,
CVE-2017-5845
```
3.4.7
Natanael Copa