Description
Security update for gstreamer-plugins-good
This update for gstreamer-plugins-good fixes the following issues:
- A crafted aac audio file could have caused an invalid read and thus corruption or denial of service (bsc#1024014, CVE-2016-10198)
- A crafted mp4 file could have caused an invalid read and thus corruption or denial of service (bsc#1024017, CVE-2016-10199)
- A crafted avi file could have caused an invalid read and thus corruption or denial of service (bsc#1024034, CVE-2017-5840)
Package list
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
References
- Link for SUSE-SU-2017:1004-1
- E-Mail link for SUSE-SU-2017:1004-1
- SUSE Security Ratings
- SUSE Bug 1024014
- SUSE Bug 1024017
- SUSE Bug 1024034
- SUSE CVE CVE-2016-10198 page
- SUSE CVE CVE-2016-10199 page
- SUSE CVE CVE-2017-5840 page
Description
The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.
Affected products
References
- CVE-2016-10198
- SUSE Bug 1023259
- SUSE Bug 1024014
Description
The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value.
Affected products
References
- CVE-2016-10199
- SUSE Bug 1023259
- SUSE Bug 1024017
Description
The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index.
Affected products
References
- CVE-2017-5840
- SUSE Bug 1023259
- SUSE Bug 1024034