CVE-2016-10198

Published: 09 February 2017

The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
gst-plugins-good0.10 Launchpad, Ubuntu, Debian	Upstream	Needed





	Ubuntu 16.04 ESM (Xenial Xerus)	Released (0.10.31-3+nmu4ubuntu2.16.04.3)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was released [0.10.31-3+nmu1ubuntu5.3])
gst-plugins-good1.0 Launchpad, Ubuntu, Debian	Upstream	Released (1.10.3-1)





	Ubuntu 16.04 ESM (Xenial Xerus)	Released (1.8.3-1ubuntu0.4)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was released [1.2.4-1~ubuntu1.4])
	Patches: Upstream: https://github.com/GStreamer/gst-plugins-good/commit/87a2c140ca54c5128093377e9b25a5c24b346727

References

Bugs

https://bugzilla.gnome.org/show_bug.cgi?id=775450

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›