[3.2] gst-plugins-ugly1: Multiple issues (CVE-2017-5846, CVE-2017-5847)
CVE-2017-5846: The gst_asf_demux_process_ext_stream_props
function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer
allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file.
CVE-2017-5847: References: The
gst_asf_demux_process_ext_content_desc function in
gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in
GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors.
(from redmine: issue id 7242, created on 2017-04-26, closed on 2017-05-01)
- parent #7237 (closed)