CVE-2016-9635

Published: 27 January 2017

Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
gst-plugins-good0.10
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus)
Released (0.10.31-3+nmu4ubuntu2.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [0.10.31-3+nmu1ubuntu5.1])
gst-plugins-good1.0
Launchpad, Ubuntu, Debian
Upstream
Released (1.10.2)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1.8.2-1ubuntu0.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1.2.4-1~ubuntu1.1])
Patches:
Upstream: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?h=1.10&id=2e203a79b7d9af4029307c1a845b3c148d5f5e62
Upstream: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?h=1.10&id=1ab2b26193861b124426e2f8eb62b75b59ec5488