CVE-2016-9807

Published: 13 January 2017

The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
gst-plugins-good0.10
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus)
Released (0.10.31-3+nmu4ubuntu2.16.04.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [0.10.31-3+nmu1ubuntu5.2])
gst-plugins-good1.0
Launchpad, Ubuntu, Debian
Upstream
Released (1.10.1-2)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1.8.2-1ubuntu0.3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1.2.4-1~ubuntu1.3])
Patches:
Upstream: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?h=1.10&id=be670f0daf67304fb92c76aa09c30cae0bfd1fe4