[3.2] gst-plugins-ugly1: Multiple issues (CVE-2017-5846, CVE-2017-5847)
CVE-2017-5846: The gst_asf_demux_process_ext_stream_props function in
gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3
allows remote attackers to cause a denial of service (invalid memory
read and crash) via vectors related to the number of languages in a
video file.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5846
http://www.openwall.com/lists/oss-security/2017/02/01/7
Patch:
CVE-2017-5847: The gst_asf_demux_process_ext_content_desc function in
gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in
GStreamer allows remote attackers to cause a denial of service
(out-of-bounds heap read) via vectors involving extended content
descriptors.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5847
Patch:
https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37
(from redmine: issue id 7242, created on 2017-04-26, closed on 2017-05-01)
- Relations:
- parent #7237 (closed)