Description
Security update for gstreamer-plugins-good
This update for gstreamer-plugins-good fixes the following issues:
- A crafted AAC audio file could have caused an invalid read and thus corruption or denial of service (bsc#1024014, CVE-2016-10198)
- A crafted MP4 file could have caused an invalid read and thus corruption or denial of service (bsc#1024017, CVE-2016-10199)
- A crafted AVI file could have caused an invalid read and thus corruption or denial of service (bsc#1024034, CVE-2017-5840)
- A crafted AVI file with metadata tag entries (ncdt) could have caused invalid read access and thus corruption or denial of service (bsc#1024030, CVE-2017-5841)
- A crafted AVI file could have caused an invalid read access resulting in denial of service (bsc#1024062, CVE-2017-5845)
Package list
openSUSE Leap 42.1
References
- E-Mail link for openSUSE-SU-2017:1076-1
- SUSE Security Ratings
Description
The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.
Affected products
References
- CVE-2016-10198
- SUSE Bug 1023259
- SUSE Bug 1024014
Description
The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value.
Affected products
References
- CVE-2016-10199
- SUSE Bug 1023259
- SUSE Bug 1024017
Description
The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index.
Affected products
References
- CVE-2017-5840
- SUSE Bug 1023259
- SUSE Bug 1024034
Description
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags.
Affected products
References
- CVE-2017-5841
- SUSE Bug 1023259
- SUSE Bug 1024030
- SUSE Bug 1024062
Description
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via an ncdt sub-tag that "goes behind" the surrounding tag.
Affected products
References
- CVE-2017-5845
- SUSE Bug 1023259
- SUSE Bug 1024062