[3.2] gst-plugins-good1: Multiple vulnerabilities (CVE-2016-10198, CVE-2016-10199, CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808, CVE-2017-5840, CVE-2017-5841, CVE-2017-5845)
CVE-2016-9634, CVE-2016-9635, CVE-2016-9636: Heap-based buffer
overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c
in the FLIC decoder in GStreamer
before 1.10.2 allows remote attackers to execute arbitrary code or cause
a denial of service (application crash) via the start_line parameter.
References:
https://nvd.nist.gov/vuln/detail/CVE-2016-9634
https://nvd.nist.gov/vuln/detail/CVE-2016-9635
https://nvd.nist.gov/vuln/detail/CVE-2016-9636
Patches:
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bf43f44fcfada5ec4a3ce60cb374340486fe9fac
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
CVE-2016-9808: The FLIC decoder in GStreamer before 1.10.2 allows
remote attackers to cause a denial of service
(out-of-bounds write and crash) via a crafted series of skip and count
pairs.
References:
https://nvd.nist.gov/vuln/detail/CVE-2016-9808
Patch:
CVE-2016-10198: The gst_aac_parse_sink_setcaps function in
gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before
1.10.3
allows remote attackers to cause a denial of service (invalid memory
read and crash) via a crafted audio file.
References:
https://nvd.nist.gov/vuln/detail/CVE-2016-10198
Patch:
https://github.com/GStreamer/gst-plugins-good/commit/87a2c140ca54c5128093377e9b25a5c24b346727
CVE-2016-10199: The qtdemux_tag_add_str_full function in
gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3
allows remote attackers to cause a denial of service (out-of-bounds read
and crash) via a crafted tag value.
References:
https://nvd.nist.gov/vuln/detail/CVE-2016-10199
Patch:
https://github.com/GStreamer/gst-plugins-good/commit/d0949baf3dadea6021d54abef6802fed5a06af75
CVE-2017-5840: The qtdemux_parse_samples function in
gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3
allows remote attackers to cause a denial of service (out-of-bounds heap
read) via vectors involving the current stts index.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5840
http://www.openwall.com/lists/oss-security/2017/02/01/7
Patches:
https://github.com/GStreamer/gst-plugins-good/commit/99d5d75
https://github.com/GStreamer/gst-plugins-good/commit/1ffef8b
CVE-2017-5841: The gst_avi_demux_parse_ncdt function in
gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3
allows remote attackers to cause a denial of service (out-of-bounds heap
read) via vectors involving ncdt tags.
References:
http://www.openwall.com/lists/oss-security/2017/02/01/7
https://nvd.nist.gov/vuln/detail/CVE-2017-5841
Patch:
https://github.com/GStreamer/gst-plugins-good/commit/32d9f3c
CVE-2017-5845: The gst_avi_demux_parse_ncdt function in
gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3
allows remote attackers to cause a denial of service (invalid memory
read and crash) via a ncdt sub-tag that “goes behind” the surrounding
tag.
References:
http://www.openwall.com/lists/oss-security/2017/02/01/7
https://nvd.nist.gov/vuln/detail/CVE-2017-5845
Patch:
https://github.com/GStreamer/gst-plugins-good/commit/4f47835
(from redmine: issue id 7208, created on 2017-04-26, closed on 2017-04-28)
- Relations:
- parent #7204 (closed)