CVE-2016-9810

Published: 13 January 2017

The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call.

Priority

Medium

CVSS 3 base score: 5.5

Status

| Package | Release | Status |
|---|---|---|
| gst-plugins-good0.10 | Upstream | Needs triage |
| gst-plugins-good0.10 | Ubuntu 16.04 ESM (Xenial Xerus) | Released (0.10.31-3+nmu4ubuntu2.16.04.2) |
| gst-plugins-good0.10 | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist (trusty was released [0.10.31-3+nmu1ubuntu5.2]) |
| gst-plugins-good1.0 | Upstream | Released (1.10.1-2) |
| gst-plugins-good1.0 | Ubuntu 16.04 ESM (Xenial Xerus) | Released (1.8.2-1ubuntu0.3) |
| gst-plugins-good1.0 | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist (trusty was released [1.2.4-1~ubuntu1.3]) |

Patches:
Upstream: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?h=1.10&id=b31c504645a814c59d91d49e4fe218acaf93f4ca