PT-2016-3324 · Gstreamer+5 · Gstreamer+5

Hanno Böck

Published

2016-12-01

Updated

2024-06-15

CVE-2016-10198

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions GStreamer versions prior to 1.10.3

Description The issue is related to the gst aac parse sink setcaps function in the gst-plugins-good plugin of the GStreamer multimedia framework. It allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file. The vulnerability is associated with a buffer overflow in memory, which can be exploited by a remote attacker to cause a denial of service through a specially crafted audio file.

Recommendations For versions prior to 1.10.3, update to version 1.10.3 or later to resolve the issue. As a temporary workaround, consider disabling the gst aac parse sink setcaps function until a patch is available. Restrict access to crafted audio files to minimize the risk of exploitation.

Fix

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2017-1106

BDU:2021-00804

CESA-2017_2060

CVE-2016-10198

DLA-2225-1

DLA-828-1

DSA-3820-1

MGASA-2017-0348

OESA-2021-1048

OPENSUSE-SU-2024:10826-1

RHSA-2017:2060

RHSA-2017_2060

SUSE-SU-2017:1004-1

SUSE-SU-2017:1010-1

SUSE-SU-2017_1004-1

SUSE-SU-2017_1010-1

USN-3245-1

Affected Products

Alt Linux

Centos

Gstreamer

Red Hat

Suse

Ubuntu

PT-2016-3324 · Gstreamer+5 · Gstreamer+5

CVE-2016-10198

Weakness Enumeration

Related Identifiers

Affected Products

References · 145