ALT-PU-2017-1563-1
Package gstreamer1.0 updated to version 1.12.0-alt1 for branch sisyphus in task 182481.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-9446
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.
- [oss-security] 20161118 CVE Request: gstreamer plugins
- [oss-security] 20161118 CVE Request: gstreamer plugins
- [oss-security] 20161118 Re: CVE Request: gstreamer plugins
- [oss-security] 20161118 Re: CVE Request: gstreamer plugins
- 94423
- 94423
- RHSA-2017:2060
- RHSA-2017:2060
- https://bugzilla.gnome.org/show_bug.cgi?id=774533
- https://bugzilla.gnome.org/show_bug.cgi?id=774533
- https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/gst/vmnc/vmncdec.c?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe
- https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/gst/vmnc/vmncdec.c?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe
- FEDORA-2021-ed54b1128a
- FEDORA-2021-ed54b1128a
- https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html
- https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html
- GLSA-201705-10
- GLSA-201705-10
Modified: 2024-11-21
CVE-2017-5847
The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors.
- DSA-3821
- DSA-3821
- [oss-security] 20170201 Multiple memory access issues in gstreamer
- [oss-security] 20170201 Multiple memory access issues in gstreamer
- [oss-security] 20170202 Re: Multiple memory access issues in gstreamer
- [oss-security] 20170202 Re: Multiple memory access issues in gstreamer
- 96001
- 96001
- https://bugzilla.gnome.org/show_bug.cgi?id=777955#c3
- https://bugzilla.gnome.org/show_bug.cgi?id=777955#c3
- https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37
- https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37
- [debian-lts-announce] 20200530 [SECURITY] [DLA 2226-1] gst-plugins-ugly0.10 security update
- [debian-lts-announce] 20200530 [SECURITY] [DLA 2226-1] gst-plugins-ugly0.10 security update
- GLSA-201705-10
- GLSA-201705-10
Modified: 2024-11-21
CVE-2017-5848
The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing.
- DSA-3818
- DSA-3818
- [oss-security] 20170201 Multiple memory access issues in gstreamer
- [oss-security] 20170201 Multiple memory access issues in gstreamer
- [oss-security] 20170202 Re: Multiple memory access issues in gstreamer
- [oss-security] 20170202 Re: Multiple memory access issues in gstreamer
- 96001
- 96001
- RHSA-2017:2060
- RHSA-2017:2060
- https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3
- https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3
- [debian-lts-announce] 20200331 [SECURITY] [DLA 2164-1] gst-plugins-bad0.10 security update
- [debian-lts-announce] 20200331 [SECURITY] [DLA 2164-1] gst-plugins-bad0.10 security update
- GLSA-201705-10
- GLSA-201705-10