rpm package
suse/gstreamer-plugins-good&distro=SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-5845 | Hig | 7.5 | < 1.8.3-12.12 | 1.8.3-12.12 | Feb 9, 2017 | The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag. | |
| CVE-2017-5841 | Hig | 7.5 | < 1.8.3-12.12 | 1.8.3-12.12 | Feb 9, 2017 | The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags. | |
| CVE-2017-5840 | Hig | 7.5 | < 1.8.3-12.12 | 1.8.3-12.12 | Feb 9, 2017 | The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index. | |
| CVE-2016-10199 | Hig | 7.5 | < 1.8.3-12.12 | 1.8.3-12.12 | Feb 9, 2017 | The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value. | |
| CVE-2016-10198 | Med | 5.5 | < 1.8.3-12.12 | 1.8.3-12.12 | Feb 9, 2017 | The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file. | |
| CVE-2016-9636 | Cri | 9.8 | < 1.8.3-9.1 | 1.8.3-9.1 | Jan 27, 2017 | Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond t | |
| CVE-2016-9635 | Cri | 9.8 | < 1.8.3-9.1 | 1.8.3-9.1 | Jan 27, 2017 | Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond in | |
| CVE-2016-9634 | Cri | 9.8 | < 1.8.3-9.1 | 1.8.3-9.1 | Jan 27, 2017 | Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter. | |
| CVE-2016-9810 | Med | 5.5 | < 1.8.3-9.1 | 1.8.3-9.1 | Jan 13, 2017 | The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call. | |
| CVE-2016-9808 | Hig | 7.5 | < 1.8.3-9.1 | 1.8.3-9.1 | Jan 13, 2017 | The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs. | |
| CVE-2016-9807 | Med | 5.5 | < 1.8.3-9.1 | 1.8.3-9.1 | Jan 13, 2017 | The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file. |
- affected < 1.8.3-12.12fixed 1.8.3-12.12
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag.
- affected < 1.8.3-12.12fixed 1.8.3-12.12
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags.
- affected < 1.8.3-12.12fixed 1.8.3-12.12
The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index.
- affected < 1.8.3-12.12fixed 1.8.3-12.12
The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value.
- affected < 1.8.3-12.12fixed 1.8.3-12.12
The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.
- affected < 1.8.3-9.1fixed 1.8.3-9.1
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond t
- affected < 1.8.3-9.1fixed 1.8.3-9.1
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond in
- affected < 1.8.3-9.1fixed 1.8.3-9.1
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.
- affected < 1.8.3-9.1fixed 1.8.3-9.1
The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call.
- affected < 1.8.3-9.1fixed 1.8.3-9.1
The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.
- affected < 1.8.3-9.1fixed 1.8.3-9.1
The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.