CVE-2019-9928

Published: 24 April 2019

GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.

Priority

High

CVSS 3 base score: 8.8

Status

Package Release Status
gst-plugins-base0.10
Upstream Needs triage
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist
Ubuntu 16.04 ESM (Xenial Xerus) Released (0.10.36-2ubuntu0.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was needs-triage)

gst-plugins-base1.0
Upstream Released (1.15.90-1,1.16.0)
Ubuntu 18.04 LTS (Bionic Beaver) Released (1.14.1-1ubuntu1~ubuntu18.04.2)
Ubuntu 16.04 ESM (Xenial Xerus) Released (1.8.3-1ubuntu0.3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was needs-triage)

Patches:
Upstream: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/commit/f672277509705c4034bc92a141eefee4524d15aa