PT-2017-10346 · Gstreamer+5 · Gstreamer+6

Hanno Böck

Published

2016-11-29

Updated

2021-11-30

CVE-2016-9811

CVSS v3.1

4.7

Medium

Vector

AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions GStreamer versions prior to 1.10.2 gst-plugins-base versions prior to 1.10.2

Description The issue allows remote attackers to cause a denial of service, specifically an out-of-bounds read, via a crafted ico file. This occurs when the G SLICE is set to always-malloc. The windows icon typefind function in gst-plugins-base is the vulnerable component.

Recommendations For GStreamer versions prior to 1.10.2, update to version 1.10.2 or later. For gst-plugins-base versions prior to 1.10.2, update to version 1.10.2 or later. As a temporary workaround, consider restricting the use of the windows icon typefind function until a patch is available.

Fix

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2016-2372

CESA-2017_2060

CVE-2016-9811

DLA-2126-1

DLA-735-1

DSA-3819-1

MGASA-2017-0021

RHSA-2017:2060

RHSA-2017_2060

SUSE-SU-2017:0189-1

SUSE-SU-2017:0211-1

SUSE-SU-2017:0242-1

SUSE-SU-2017:0263-1

SUSE-SU-2017:0289-1

SUSE-SU-2017_0189-1

SUSE-SU-2017_0211-1

SUSE-SU-2017_0242-1

SUSE-SU-2017_0263-1

SUSE-SU-2017_0289-1

USN-3244-1

Affected Products

Alt Linux

Centos

Gstreamer

Red Hat

Suse

Ubuntu

Gst-Plugins-Base

PT-2017-10346 · Gstreamer+5 · Gstreamer+6

CVE-2016-9811

Weakness Enumeration

Related Identifiers

Affected Products

References · 46