CVE-2016-10198

Published: 09 February 2017

The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
gst-plugins-good0.10
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 16.04 ESM (Xenial Xerus)
Released (0.10.31-3+nmu4ubuntu2.16.04.3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [0.10.31-3+nmu1ubuntu5.3])
gst-plugins-good1.0
Launchpad, Ubuntu, Debian
Upstream
Released (1.10.3-1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1.8.3-1ubuntu0.4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1.2.4-1~ubuntu1.4])
Patches:
Upstream: https://github.com/GStreamer/gst-plugins-good/commit/87a2c140ca54c5128093377e9b25a5c24b346727