Security update for gstreamer-plugins-bad (important)

2016-12-30T00:08:58
ID SUSE-SU-2016:3297-1
Type suse
Reporter Suse
Modified 2016-12-30T00:08:58

Description

This update for gstreamer-plugins-bad fixes the following issues:

  • CVE-2016-9809: Malicious mkv/h264 file could cause an off by one out of bounds read and lead to crash (bsc#1013659)
  • CVE-2016-9812: Malicious mpeg file could cause invalid a null pointer access and lead to crash (bsc#1013678)
  • CVE-2016-9813: Malicious mpegts file could cause invalid a null pointer access and lead to crash (bsc#1013680)
  • CVE-2016-9445, CVE-2016-9446: Check an integer overflow and initialize a buffer in vmncdec (bsc#1010829)