[3.5] gst-plugins-base1: Multiple vulnerabilities (CVE-2016-9811, CVE-2017-5837, CVE-2017-5839, CVE-2017-5842, CVE-2017-5844)
CVE-2016-9811: The windows_icon_typefind function in
gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to
always-malloc, allows remote attackers to cause a denial of service
(out-of-bounds read) via a crafted ico file.
References:
https://nvd.nist.gov/vuln/detail/CVE-2016-9811
Patch:
https://github.com/GStreamer/gst-plugins-base/commit/2fdccfd64fc609e44e9c4b8eed5bfdc0ab9c9095
CVE-2017-5837: The gst_riff_create_audio_caps function in
gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before
1.10.3
allows remote attackers to cause a denial of service (floating point
exception and crash) via a crafted video file.
References:
http://www.openwall.com/lists/oss-security/2017/02/01/7
https://nvd.nist.gov/vuln/detail/CVE-2017-5837
Patch:
https://github.com/GStreamer/gst-plugins-base/commit/81d3ba3fa212bb25fe2ac661993887c4b69af6f1
CVE-2017-5839: The gst_riff_create_audio_caps function in
gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before
1.10.3 does not properly
limit recursion, which allows remote attackers to cause a denial of
service (stack overflow and crash) via vectors involving nested
WAVEFORMATEX.
References:
http://www.openwall.com/lists/oss-security/2017/02/01/7
https://nvd.nist.gov/vuln/detail/CVE-2017-5839
h3.Patch:
https://github.com/GStreamer/gst-plugins-base/commit/ef55c8a
CVE-2017-5842: The html_context_handle_element function in
gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3
allows remote
attackers to cause a denial of service (out-of-bounds write) via a
crafted SMI file, as demonstrated by OneNote_Manager.smi.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5842
Patch:
https://github.com/GStreamer/gst-plugins-base/commit/d894c19
CVE-2017-5844: The gst_riff_create_audio_caps function in
gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before
1.10.3 allows
remote attackers to cause a denial of service (floating point exception
and crash) via a crafted ASF file.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5844
Patch:
https://github.com/GStreamer/gst-plugins-base/commit/5d505d108800cef210f67dcfed2801ba36beac2a
(from redmine: issue id 7227, created on 2017-04-26, closed on 2017-05-02)
- Relations:
- parent #7226 (closed)
- Changesets:
- Revision 8901f4a1 on 2017-04-28T14:20:43Z:
main/gst-plugins-base1: upgrade to 1.8.3 - fixes #7227
CVE-2016-9811, CVE-2017-5837, CVE-2017-5839, CVE-2017-5842, CVE-2017-5844