Date: Thu, 2 Feb 2017 01:00:44 -0500
From: <cve-assign@...re.org>
To: <hanno@...eck.de>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: Multiple memory access issues in gstreamer

> [] https://bugzilla.gnome.org/show_bug.cgi?id=775450
> gst-plugins-good/aacparse: invalid memory read in
> gst_aac_parse_sink_setcaps

Use CVE-2016-10198.


> [] https://bugzilla.gnome.org/show_bug.cgi?id=775451
> gst-plugins-good/qtdemux: out of bounds read in qtdemux_tag_add_str_full

Use CVE-2016-10199.


> [] https://bugzilla.gnome.org/show_bug.cgi?id=777262
> gst-plugins-base/riff-media: floating point exception in
> gst_riff_create_audio_caps

Use CVE-2017-5837.


> [] https://bugzilla.gnome.org/show_bug.cgi?id=777263
> gstreamer core/datetime: out of bounds read in
> gst_date_time_new_from_iso8601_string()

Use CVE-2017-5838.


> [] https://bugzilla.gnome.org/show_bug.cgi?id=777265
> gst-plugins-base/riff: stack overflow in gst_riff_create_audio_caps

Use CVE-2017-5839.


> [] https://bugzilla.gnome.org/show_bug.cgi?id=777469
> gst-plugins-good/qtdemux: out of bounds heap read in
> qtdemux_parse_samples

Use CVE-2017-5840.


> [] https://bugzilla.gnome.org/show_bug.cgi?id=777500
> gst-plugins-good/avidemux: gst_avi_demux_parse_ncdt heap out of bounds
> read

Use CVE-2017-5841.


> [] https://bugzilla.gnome.org/show_bug.cgi?id=777502
> gst-plugins-base/samiparse: heap oob in html_context_handle_element

Use CVE-2017-5842.


> [] https://bugzilla.gnome.org/show_bug.cgi?id=777503
> gst-plugins-bad/mxfdemux: use after free in gst_mini_object_unref /
> gst_tag_list_unref / gst_mxf_demux_update_essence_tracks

Use CVE-2017-5843.


> [] https://bugzilla.gnome.org/show_bug.cgi?id=777525
> gst-plugins-base: floating point exception in gst_riff_create_audio_caps
> (different than #777262)

Use CVE-2017-5844.


> [] https://bugzilla.gnome.org/show_bug.cgi?id=777532
> gst-plugins-good/avidemux: invalid memory read in
> gst_avi_demux_parse_ncdt

Use CVE-2017-5845.


> [] https://bugzilla.gnome.org/show_bug.cgi?id=777937
> gst-plugins-ugly/asfdemux: invalid memory read in
> gst_asf_demux_process_ext_stream_props()

Use CVE-2017-5846.


> [] https://bugzilla.gnome.org/show_bug.cgi?id=777955
> gst-plugins-ugly/asfdemux: out of bounds read in
> gst_asf_demux_process_ext_content_desc

Use CVE-2017-5847 for what is fixed by the entire
https://bugzilla.gnome.org/show_bug.cgi?id=777955#c3 change, which is
in the
https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37
commit.


> [] https://bugzilla.gnome.org/show_bug.cgi?id=777957
> gst-plugins-bad/mpegdemux: Invalid memory read in gst_ps_demux_parse_psm

Use CVE-2017-5848 for what is fixed by the entire
https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3 change.

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
