mirror of
https://gitlab.freedesktop.org/gstreamer/gstreamer.git
synced 2024-12-23 16:50:47 +00:00
59 lines
2.8 KiB
Markdown
59 lines
2.8 KiB
Markdown
|
# Security Advisory 2016-0002 (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9807)
|
||
|
|
||
|
<div class="vertical-table">
|
||
|
|
||
|
| | |
|
||
|
| ----------------- | --- |
|
||
|
| Summary | Multiple Issues in FLC/FLI/FLX Decoder |
|
||
|
| Date | 2016-11-23 03:00 |
|
||
|
| Affected Versions | GStreamer gst-plugins-bad 1.10 < 1.10.2<br/>GStreamer gst-plugins-bad 1.x <= 1.8.3 |
|
||
|
| IDs | GStreamer-SA-2016-0002<br/>CVE-2016-9634<br/>CVE-2016-9635<br/>CVE-2016-9636<br/>CVE-2016-9807 |
|
||
|
|
||
|
</div>
|
||
|
|
||
|
## Details
|
||
|
|
||
|
The decoder for the FLC/FLI/FLX animation video formats in gst-plugins-good contains various out-of-bounds writes and reads and fails to initialize output frame memory.
|
||
|
|
||
|
## Impact
|
||
|
|
||
|
If successful, a malicious third party could trigger either a crash in an application decoding a FLC/FLI/FLX video stream or an arbitrary code execution with the privileges of the target user. The failure to initialize output memory may result in an information leak.
|
||
|
|
||
|
## Threat Mitigation
|
||
|
|
||
|
Exploitation requires the user to access an FLC/FLI/FLX stream or file.
|
||
|
|
||
|
## Workarounds
|
||
|
|
||
|
The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites, or disable the FLC/FLI/FLX decoder plugin by removing the plugin binary file libgstflxdec.so or libgstflxdec.dll.
|
||
|
|
||
|
## Solution
|
||
|
|
||
|
The gst-plugins-bad 1.10.2 release addresses the issue. The upcoming gst-plugins-bad 1.8.4 release will also address the issue. People using older branches of GStreamer should apply the patch and recompile or disable the FLC/FLI/FLX plugin.
|
||
|
|
||
|
## References
|
||
|
|
||
|
### The GStreamer project
|
||
|
|
||
|
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||
|
|
||
|
### CVE Database Entries
|
||
|
|
||
|
- [CVE-2016-9634](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9634)
|
||
|
- [CVE-2016-9635](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9635)
|
||
|
- [CVE-2016-9636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9636)
|
||
|
- [CVE-2016-9807](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9807)
|
||
|
|
||
|
### GStreamer Bugzilla Entries
|
||
|
|
||
|
- [Bug 774834](https://bugzilla.gnome.org/show_bug.cgi?id=774834)
|
||
|
- [Bug 774859](https://bugzilla.gnome.org/show_bug.cgi?id=774859)
|
||
|
|
||
|
### GStreamer Patches
|
||
|
|
||
|
- [Patch 1](https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bf43f44fcfada5ec4a3ce60cb374340486fe9fac)
|
||
|
- [Patch 2](https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2)
|
||
|
- [Patch 3](https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9)
|
||
|
- [Patch 4](https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff)
|
||
|
- [Patch 5](https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=96aaf889afe90b5e02ec756af5c6c7000d2cc424)
|