rpm package
suse/gstreamer-plugins-bad&distro=SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
pkg:rpm/suse/gstreamer-plugins-bad&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-5848 | Hig | 7.5 | | < 1.8.3-17.2 | 1.8.3-17.2 | Feb 9, 2017 | The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing. |
| CVE-2017-5843 | Hig | 7.5 | | < 1.8.3-17.2 | 1.8.3-17.2 | Feb 9, 2017 | Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as dem |
| CVE-2016-9446 | Hig | 7.5 | | < 1.8.3-14.1 | 1.8.3-14.1 | Jan 23, 2017 | The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas. |
| CVE-2016-9445 | Hig | 7.5 | | < 1.8.3-14.1 | 1.8.3-14.1 | Jan 23, 2017 | Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow. |
| CVE-2016-9813 | Med | 5.5 | | < 1.8.3-14.1 | 1.8.3-14.1 | Jan 13, 2017 | The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. |
| CVE-2016-9812 | Hig | 7.5 | | < 1.8.3-14.1 | 1.8.3-14.1 | Jan 13, 2017 | The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section. |
| CVE-2016-9809 | Hig | 7.8 | | < 1.8.3-14.1 | 1.8.3-14.1 | Jan 13, 2017 | Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read. |