19 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-5848
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The gstpsdemuxparsepsm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service invalid...
RHEL 6 : mingw-virt-viewer (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gstreamer-plugins-bad-free: Invalid memory read in gstpsdemuxparsepsm CVE-2017-5848 - The...
RHEL 6 : gstreamer-plugins-bad-free (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gstreamer-plugins-bad-free: Missing initialization of allocated heap memory leads to information leak...
RHEL 7 : gstreamer-plugins-bad-free (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gstreamer-plugins-bad-free: Off-by-one read in gsth264parsesetcaps CVE-2016-9809 - Integer overflow in th...
SUSE: Security Advisory (SUSE-SU-2017:0962-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2018-0012 Updated gstreamer0.10-plugins-bad/gstreamer1.0-plugins-bad packages fix security vulnerability
Chris Evans discovered that the GStreamer plugin to decode VMware screen capture files allowed the execution of arbitrary code CVE-2016-9445, CVE-2016-9446. Chris Evans discovered that the GStreamer 0.10 plugin to decode NES Sound Format files allowed the execution of arbitrary code CVE-2016-9447...
Updated gstreamer0.10-plugins-bad/gstreamer1.0-plugins-bad packages fix security vulnerability
Chris Evans discovered that the GStreamer plugin to decode VMware screen capture files allowed the execution of arbitrary code CVE-2016-9445, CVE-2016-9446. Chris Evans discovered that the GStreamer 0.10 plugin to decode NES Sound Format files allowed the execution of arbitrary code CVE-2016-9447...
EulerOS 2.0 SP2 : gstreamer (EulerOS-SA-2017-1206)
According to the versions of the gstreamer packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were found in gstreamer1, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-bad-free packages. An...
EulerOS 2.0 SP1 : gstreamer (EulerOS-SA-2017-1205)
According to the versions of the gstreamer packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were found in gstreamer1, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-bad-free packages. An...
RHEL 7 : GStreamer (RHSA-2017:2060)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2060 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The following packages have been upgraded t...
Moderate: Red Hat Security Advisory: GStreamer security, bug fix, and enhancement update
An update is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links ...
openSUSE Security Update : gstreamer-plugins-bad (openSUSE-2017-479)
This update for gstreamer-plugins-bad fixes the following issues : Security issues fixed : - CVE-2017-5843: set stream tags to NULL after unrefing bsc1024044. - CVE-2017-5848: rewrite PSM parsing to add bounds checking bsc1024068. This update was imported from the SUSE:SLE-12-SP2:Update update...
SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-bad (SUSE-SU-2017:0962-1)
This update for gstreamer-plugins-bad fixes the following issues: Security issues fixed : - CVE-2017-5843: set stream tags to NULL after unrefing bsc1024044. - CVE-2017-5848: rewrite PSM parsing to add bounds checking bsc1024068. Note that Tenable Network Security has extracted the preceding...
Debian DSA-3818-1 : gst-plugins-bad1.0 - security update
Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
[SECURITY] [DSA 3818-1] gst-plugins-bad1.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3818-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 27, 2017 https://www.debian.org/security/faq -...
Fedora Update for mingw-gstreamer1-plugins-bad-free FEDORA-2017-216f4b9f9d
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 25 : mingw-gstreamer1-plugins-bad-free (2017-216f4b9f9d)
Security fix for CVE-2017-5848, CVE-2017-5843 - Downgrade to 1.10.3 as it is the latest stable release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as muc...
Debian DLA-830-1 : gst-plugins-bad0.10 security update
Some memory management issues were found in the GStreamer 'bad' plugins : CVE-2017-5843 A use after free issue was found in the mxfdemux element, which can can be triggered via a maliciously crafted file. CVE-2017-5848 The psdemux was vulnerable to several invalid reads, which could be triggered...
CVE-2017-5848
The CVE-2017-5848 entry affects GStreamer’s gst-plugins-bad suite, specifically the gst_ps_demux_parse_psm function in gst-mpegdemux/gstmpegdemux.c. Affected component: GStreamer plugins-bad. Root cause: remote parsing of PSM can lead to an invalid memory read, crashing the process and enabling a...