mirror of
https://gitlab.freedesktop.org/gstreamer/gstreamer.git
synced 2024-12-20 23:36:38 +00:00
95ca7014c8
Ship these also as part of the monorepo, so we can prepare new advisories as part of the relevant merge requests in the private gstreamer-security repository. Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7610>
52 lines
2 KiB
Markdown
52 lines
2 KiB
Markdown
# Security Advisory 2016-0001 (CVE-2016-9445, CVE-2016-9446)
|
|
|
|
<div class="vertical-table">
|
|
|
|
| | |
|
|
| ----------------- | --- |
|
|
| Summary | Multiple Issues in VMNC decoder |
|
|
| Date | 2016-11-17 16:00 |
|
|
| Affected Versions | GStreamer gst-plugins-bad 1.10 < 1.10.1<br/>GStreamer gst-plugins-bad 1.x <= 1.8.3 |
|
|
| IDs | GStreamer-SA-2016-0001<br/>CVE-2016-9445<br/>CVE-2016-9446 |
|
|
|
|
</div>
|
|
|
|
## Details
|
|
|
|
The VMNC decoder in gst-plugins-bad contains an integer overflow vulnerability and a failure to initialize output memory.
|
|
|
|
## Impact
|
|
|
|
If successful, a malicious third party could trigger either a crash in an application decoding a VMNC video stream or an arbitrary code execution with the privileges of the target user. The failure to initialize output memory may result in an information leak.
|
|
|
|
## Mitigation
|
|
|
|
Exploitation requires the user to access a VMNC stream or file.
|
|
|
|
## Workarounds
|
|
|
|
The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites, or disable the VMNC decoder plugin by removing the plugin binary file libgstvmnc.so or libgstvmnc.dll.
|
|
|
|
## Solution
|
|
|
|
The gst-plugins-bad 1.10.1 release addresses the issue. The upcoming gst-plugins-bad 1.8.4 release will also address the issue. People using older branches of GStreamer should apply the patch and recompile, or disable the VMNC plugin.
|
|
|
|
## References
|
|
|
|
### The GStreamer project
|
|
|
|
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
|
|
|
### CVE Database Entries
|
|
|
|
- [CVE-2016-9445](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9445)
|
|
- [CVE-2016-9446](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9446)
|
|
|
|
### GStreamer Bugzilla Entry
|
|
|
|
- [Bug 774533](https://bugzilla.gnome.org/show_bug.cgi?id=774533)
|
|
|
|
### GStreamer Patches
|
|
|
|
- [Patch](https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe)
|
|
- [Patch 2](https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=807e23118b6b6d99e61b5e2055c4bc82a444b008)
|