The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in
gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to
cause a denial of service (invalid memory read and crash) via a ncdt
sub-tag that “goes behind” the surrounding tag.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 16.04 | noarch | gst-plugins-good1.0 | < 1.8.3-1ubuntu0.4 | UNKNOWN |
ubuntu | 16.10 | noarch | gst-plugins-good1.0 | < 1.8.3-1ubuntu1.3 | UNKNOWN |