21 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-5843
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple use-after-free vulnerabilities in the 1 gstminiobjectunref, 2 gsttaglistunref, and 3 gstmxfdemuxupdateessencetracks functions in GStreamer before 1.10....
RHEL 7 : gstreamer-plugins-bad-free (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gstreamer-plugins-bad-free: Off-by-one read in gsth264parsesetcaps CVE-2016-9809 - Integer overflow in th...
RHEL 6 : gstreamer-plugins-bad-free (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gstreamer-plugins-bad-free: Missing initialization of allocated heap memory leads to information leak...
SUSE: Security Advisory (SUSE-SU-2017:0962-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated gstreamer0.10-plugins-bad/gstreamer1.0-plugins-bad packages fix security vulnerability
Chris Evans discovered that the GStreamer plugin to decode VMware screen capture files allowed the execution of arbitrary code CVE-2016-9445, CVE-2016-9446. Chris Evans discovered that the GStreamer 0.10 plugin to decode NES Sound Format files allowed the execution of arbitrary code CVE-2016-9447...
MGASA-2018-0012 Updated gstreamer0.10-plugins-bad/gstreamer1.0-plugins-bad packages fix security vulnerability
Chris Evans discovered that the GStreamer plugin to decode VMware screen capture files allowed the execution of arbitrary code CVE-2016-9445, CVE-2016-9446. Chris Evans discovered that the GStreamer 0.10 plugin to decode NES Sound Format files allowed the execution of arbitrary code CVE-2016-9447...
EulerOS 2.0 SP1 : gstreamer (EulerOS-SA-2017-1205)
According to the versions of the gstreamer packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were found in gstreamer1, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-bad-free packages. An...
EulerOS 2.0 SP2 : gstreamer (EulerOS-SA-2017-1206)
According to the versions of the gstreamer packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were found in gstreamer1, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-bad-free packages. An...
RHEL 7 : GStreamer (RHSA-2017:2060)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2060 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The following packages have been upgraded t...
Moderate: Red Hat Security Advisory: GStreamer security, bug fix, and enhancement update
An update is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links ...
Fedora 26 : gst-editing-services / gstreamer1 / gstreamer1-plugin-mpg123 / etc (2017-a7373b6432)
New GStreamer release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenabl...
openSUSE Security Update : gstreamer-plugins-bad (openSUSE-2017-479)
This update for gstreamer-plugins-bad fixes the following issues : Security issues fixed : - CVE-2017-5843: set stream tags to NULL after unrefing bsc1024044. - CVE-2017-5848: rewrite PSM parsing to add bounds checking bsc1024068. This update was imported from the SUSE:SLE-12-SP2:Update update...
SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-bad (SUSE-SU-2017:0962-1)
This update for gstreamer-plugins-bad fixes the following issues: Security issues fixed : - CVE-2017-5843: set stream tags to NULL after unrefing bsc1024044. - CVE-2017-5848: rewrite PSM parsing to add bounds checking bsc1024068. Note that Tenable Network Security has extracted the preceding...
Debian DSA-3818-1 : gst-plugins-bad1.0 - security update
Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
[SECURITY] [DSA 3818-1] gst-plugins-bad1.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3818-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 27, 2017 https://www.debian.org/security/faq -...
Fedora 25 : mingw-gstreamer1-plugins-bad-free (2017-216f4b9f9d)
Security fix for CVE-2017-5848, CVE-2017-5843 - Downgrade to 1.10.3 as it is the latest stable release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as muc...
Fedora Update for mingw-gstreamer1-plugins-bad-free FEDORA-2017-216f4b9f9d
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-830-1 : gst-plugins-bad0.10 security update
Some memory management issues were found in the GStreamer 'bad' plugins : CVE-2017-5843 A use after free issue was found in the mxfdemux element, which can can be triggered via a maliciously crafted file. CVE-2017-5848 The psdemux was vulnerable to several invalid reads, which could be triggered...
CVE-2017-5843
Multiple use-after-free vulnerabilities in the 1 gstminiobjectunref, 2 gsttaglistunref, and 3 gstmxfdemuxupdateessencetracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service crash via vectors involving stream tags, as demonstrated by 02785736.mxf...
CVE-2017-5843
CVE-2017-5843 refers to multiple use-after-free vulnerabilities in GStreamer up to version 1.10.3, specifically in gst_mini_object_unref, gst_tag_list_unref, and gst_mxf_demux_update_essence_tracks. A remote attacker could crash the application (DoS) via crafted media such as MXF streams. Public ...