CVE-2017-5841

Published: 09 February 2017

The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
gst-plugins-good0.10
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])
gst-plugins-good1.0
Launchpad, Ubuntu, Debian
Upstream
Released (1.10.3-1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1.8.3-1ubuntu0.4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])
Patches:
Upstream: https://github.com/GStreamer/gst-plugins-good/commit/32d9f3c158b58984be7731434df619131c0736f7