Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <bac88113395e44908ac254e6bcf773ec@imshyb01.MITRE.ORG>
Date: Thu, 2 Feb 2017 01:00:44 -0500
From: <cve-assign@...re.org>
To: <hanno@...eck.de>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: Multiple memory access issues in gstreamer

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> [] https://bugzilla.gnome.org/show_bug.cgi?id=775450
> gst-plugins-good/aacparse: invalid memory read in
> gst_aac_parse_sink_setcaps

Use CVE-2016-10198.


> [] https://bugzilla.gnome.org/show_bug.cgi?id=775451
> gst-plugins-good/qtdemux: out of bounds read in qtdemux_tag_add_str_full

Use CVE-2016-10199.


> [] https://bugzilla.gnome.org/show_bug.cgi?id=777262
> gst-plugins-base/riff-media: floating point exception in
> gst_riff_create_audio_caps

Use CVE-2017-5837.


> [] https://bugzilla.gnome.org/show_bug.cgi?id=777263
> gstreamer core/datetime: out of bounds read in
> gst_date_time_new_from_iso8601_string()

Use CVE-2017-5838.


> [] https://bugzilla.gnome.org/show_bug.cgi?id=777265
> gst-plugins-base/riff: stack overflow in gst_riff_create_audio_caps

Use CVE-2017-5839.


> [] https://bugzilla.gnome.org/show_bug.cgi?id=777469
> gst-plugins-good/qtdemux: out of bounds heap read in
> qtdemux_parse_samples

Use CVE-2017-5840.


> [] https://bugzilla.gnome.org/show_bug.cgi?id=777500
> gst-plugins-good/avidemux: gst_avi_demux_parse_ncdt heap out of bounds
> read

Use CVE-2017-5841.


> [] https://bugzilla.gnome.org/show_bug.cgi?id=777502
> gst-plugins-base/samiparse: heap oob in html_context_handle_element

Use CVE-2017-5842.


> [] https://bugzilla.gnome.org/show_bug.cgi?id=777503
> gst-plugins-bad/mxfdemux: use after free in gst_mini_object_unref /
> gst_tag_list_unref / gst_mxf_demux_update_essence_tracks

Use CVE-2017-5843.


> [] https://bugzilla.gnome.org/show_bug.cgi?id=777525
> gst-plugins-base: floating point exception in gst_riff_create_audio_caps
> (different than #777262)

Use CVE-2017-5844.


> [] https://bugzilla.gnome.org/show_bug.cgi?id=777532
> gst-plugins-good/avidemux: invalid memory read in
> gst_avi_demux_parse_ncdt

Use CVE-2017-5845.


> [] https://bugzilla.gnome.org/show_bug.cgi?id=777937
> gst-plugins-ugly/asfdemux: invalid memory read in
> gst_asf_demux_process_ext_stream_props()

Use CVE-2017-5846.


> [] https://bugzilla.gnome.org/show_bug.cgi?id=777955
> gst-plugins-ugly/asfdemux: out of bounds read in
> gst_asf_demux_process_ext_content_desc

Use CVE-2017-5847 for what is fixed by the entire
https://bugzilla.gnome.org/show_bug.cgi?id=777955#c3 change, which is
in the
https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37
commit.


> [] https://bugzilla.gnome.org/show_bug.cgi?id=777957
> gst-plugins-bad/mpegdemux: Invalid memory read in gst_ps_demux_parse_psm

Use CVE-2017-5848 for what is fixed by the entire
https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3 change.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYkscPAAoJEHb/MwWLVhi2tzkP/jI2Ui/LE7gj+Oavyvd4t/5f
hYs4xbPajwkTqf+y4IAuVGYKweGeU6VaegzQ/MugkzRTw74EoVYRYY7bXYU0HeRI
U7hynEHV+W6lKMjRdoCatWl/zCittE3AWImA1/k+W3RF4FCjANmGMMBY438YSNeU
Qch6Ls2VwjUPkG1/fh4Z9oiYEN/wZYBOhp0oGflqzqWsWpWXTcI5Nz9WlzUcM7Dd
JoTJnkzHEDhA+Z4FjadD8ynidKMG28mG0y0ycLg7UQj1JOqCihvqrIjHPeb/FNbU
3GdmrIHcb3g8A3K+WY9bEmNHo7kMg4RDm7TtoyY3lh9rBeiTCzHz6HFA5kduuLvw
FD4++M65t9VDTU+fhVNK8+4R3+lCu/0E0c6oZ0oQA2yMrmRzut8KTbpYWCnP7oI5
jRpN0lFaJe7N+3cgeqrkyU+Dx9F9WVPEJBYejipa27gM+MwCzZKEDerEUuLAzBOl
7jdqGOk5O+oV3z38KBzLC6wNFAiI/fnKU4UmAexowOfADnGuP2jTN+h3SPIg7FDn
Gs9Hf3S+64H9pl479JELBv/Yj9IE0OyGhT2BW3ENpC6gxgfK8ofdgryxvehOKKLE
ASxB8jAw6LUL+4pXRgNP7YeWTeXAwyYGW1Wkk+DwG4nwIUrnxgjNV7NNf9Q7/XuB
TBBjRhvJ93HkdYfGCsN4
=6wqV
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.