CVE-2016-10199

Published: 09 February 2017

The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
gst-plugins-good0.10
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 16.04 ESM (Xenial Xerus)
Released (0.10.31-3+nmu4ubuntu2.16.04.3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [0.10.31-3+nmu1ubuntu5.3])
gst-plugins-good1.0
Launchpad, Ubuntu, Debian
Upstream
Released (1.10.3-1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1.8.3-1ubuntu0.4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1.2.4-1~ubuntu1.4])
Patches:
Upstream: https://github.com/GStreamer/gst-plugins-good/commit/d0949baf3dadea6021d54abef6802fed5a06af75