oss-sec mailing list archives

Re: Multiple memory access issues in gstreamer


From: <cve-assign () mitre org>
Date: Thu, 2 Feb 2017 01:00:44 -0500

[] https://bugzilla.gnome.org/show_bug.cgi?id=775450
gst-plugins-good/aacparse: invalid memory read in
gst_aac_parse_sink_setcaps

Use CVE-2016-10198.


[] https://bugzilla.gnome.org/show_bug.cgi?id=775451
gst-plugins-good/qtdemux: out of bounds read in qtdemux_tag_add_str_full

Use CVE-2016-10199.


[] https://bugzilla.gnome.org/show_bug.cgi?id=777262
gst-plugins-base/riff-media: floating point exception in
gst_riff_create_audio_caps

Use CVE-2017-5837.


[] https://bugzilla.gnome.org/show_bug.cgi?id=777263
gstreamer core/datetime: out of bounds read in
gst_date_time_new_from_iso8601_string()

Use CVE-2017-5838.


[] https://bugzilla.gnome.org/show_bug.cgi?id=777265
gst-plugins-base/riff: stack overflow in gst_riff_create_audio_caps

Use CVE-2017-5839.


[] https://bugzilla.gnome.org/show_bug.cgi?id=777469
gst-plugins-good/qtdemux: out of bounds heap read in
qtdemux_parse_samples

Use CVE-2017-5840.


[] https://bugzilla.gnome.org/show_bug.cgi?id=777500
gst-plugins-good/avidemux: gst_avi_demux_parse_ncdt heap out of bounds
read

Use CVE-2017-5841.


[] https://bugzilla.gnome.org/show_bug.cgi?id=777502
gst-plugins-base/samiparse: heap oob in html_context_handle_element

Use CVE-2017-5842.


[] https://bugzilla.gnome.org/show_bug.cgi?id=777503
gst-plugins-bad/mxfdemux: use after free in gst_mini_object_unref /
gst_tag_list_unref / gst_mxf_demux_update_essence_tracks

Use CVE-2017-5843.


[] https://bugzilla.gnome.org/show_bug.cgi?id=777525
gst-plugins-base: floating point exception in gst_riff_create_audio_caps
(different than #777262)

Use CVE-2017-5844.


[] https://bugzilla.gnome.org/show_bug.cgi?id=777532
gst-plugins-good/avidemux: invalid memory read in
gst_avi_demux_parse_ncdt

Use CVE-2017-5845.


[] https://bugzilla.gnome.org/show_bug.cgi?id=777937
gst-plugins-ugly/asfdemux: invalid memory read in
gst_asf_demux_process_ext_stream_props()

Use CVE-2017-5846.


[] https://bugzilla.gnome.org/show_bug.cgi?id=777955
gst-plugins-ugly/asfdemux: out of bounds read in
gst_asf_demux_process_ext_content_desc

Use CVE-2017-5847 for what is fixed by the entire
https://bugzilla.gnome.org/show_bug.cgi?id=777955#c3 change, which is
in the
https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37
commit.


[] https://bugzilla.gnome.org/show_bug.cgi?id=777957
gst-plugins-bad/mpegdemux: Invalid memory read in gst_ps_demux_parse_psm

Use CVE-2017-5848 for what is fixed by the entire
https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3 change.

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]