VYPR

rpm package

suse/gstreamer-plugins-bad&distro=SUSE Linux Enterprise Desktop 12 SP1

pkg:rpm/suse/gstreamer-plugins-bad&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1

Vulnerabilities (5)

  • CVE-2016-9446HigJan 23, 2017
    affected < 1.2.4-3.4.1fixed 1.2.4-3.4.1

    The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.

  • CVE-2016-9445HigJan 23, 2017
    affected < 1.2.4-3.4.1fixed 1.2.4-3.4.1

    Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.

  • CVE-2016-9813MedJan 13, 2017
    affected < 1.2.4-3.4.1fixed 1.2.4-3.4.1

    The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.

  • CVE-2016-9812HigJan 13, 2017
    affected < 1.2.4-3.4.1fixed 1.2.4-3.4.1

    The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section.

  • CVE-2016-9809HigJan 13, 2017
    affected < 1.2.4-3.4.1fixed 1.2.4-3.4.1

    Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.