[3.5] gst-plugins-bad1: Multiple issues (CVE-2016-9809, CVE-2016-9812, CVE-2016-9813, CVE-2017-5843, CVE-2017-5848)
CVE-2016-9809: Off-by-one read in gst_h264_parse_set_caps
Off-by-one error in the gst_h264_parse_set_caps function in
GStreamer before 1.10.2 allows remote
attackers to have unspecified impact via a crafted file, which triggers
an out-of-bounds read.
References:
http://seclists.org/oss-sec/2016/q4/589
Patch:
CVE-2016-9812: Out-of-bounds read in gst_mpegts_section_new
The gst_mpegts_section_new function in the mpegts decoder in
GStreamer before 1.10.2 allows remote
attackers to cause a denial of service (out-of-bounds read) via a too
small section.
References:
http://seclists.org/oss-sec/2016/q4/589
https://nvd.nist.gov/vuln/detail/CVE-2016-9812
Patch:
https://github.com/GStreamer/gst-plugins-bad/commit/d58f668ece8795bddb3316832e1848c7b7cf38ac
CVE-2016-9813: NULL pointer dereference in mpegts parser
The _parse_pat function in the mpegts parser in GStreamer before
1.10.2 allows remote attackers
to cause a denial of service (NULL pointer dereference and crash) via a
crafted file.
References:
https://nvd.nist.gov/vuln/detail/CVE-2016-9813
http://seclists.org/oss-sec/2016/q4/589
Patch:
https://github.com/GStreamer/gst-plugins-bad/commit/7b12593cceaa0726d7fc370a7556a8e773ccf318
CVE-2017-5843: Multiple use-after-free vulnerabilities in the (1)
gst_mini_object_unref, (2) gst_tag_list_unref, and (3)
gst_mxf_demux_update_essence_tracks
functions in GStreamer before 1.10.3 allow remote attackers to cause a
denial of service (crash) via vectors involving stream tags, as
demonstrated by 02785736.mxf.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5843
Patch:
https://github.com/GStreamer/gst-plugins-bad/commit/08723e6
CVE-2017-5848: Invalid memory read in gst_ps_demux_parse_psm
References:
http://seclists.org/oss-sec/2017/q1/284
http://www.openwall.com/lists/oss-security/2017/02/01/7
Patch:
https://github.com/GStreamer/gst-plugins-bad/commit/948b87bf1514de
(from redmine: issue id 7216, created on 2017-04-26, closed on 2017-05-02)
- Relations:
- parent #7215 (closed)
- Changesets:
- Revision 630d0cc2 on 2017-04-28T14:01:57Z:
main/gst-plugins-bad1: upgrade to 1.8.3 - partially fixes #7216
CVE-2016-9809, CVE-2016-9812, CVE-2016-9813, CVE-2017-5843
Not fixed: CVE-2017-5848