CVE-2016-9635 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

CVSS 9.8 - CRITICAL

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: HIGH
  • Integrity impact: HIGH
  • Availability impact: HIGH

Tags: network, low complexity, gstreamer, redhat, debian, CWE-119, critical, nessus

Summary

Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond the initialized buffer.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201705-10.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201705-10 (GStreamer plug-ins: User-assisted execution of arbitrary code) Multiple vulnerabilities have been discovered in various GStreamer plug-ins. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user or automated system using a GStreamer plug-in to process a specially crafted file, resulting in the execution of arbitrary code or a Denial of Service. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 100263
    published: 2017-05-18
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/100263
    title: GLSA-201705-10 : GStreamer plug-ins: User-assisted execution of arbitrary code
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20161221_GSTREAMER_PLUGINS_GOOD_ON_SL6_X.NASL
    description: Security Fix(es) : - Multiple flaws were discovered in GStreamer
    last seen: 2020-03-18
    modified: 2016-12-21
    plugin id: 96042
    published: 2016-12-21
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96042
    title: Scientific Linux Security Update : gstreamer-plugins-good on SL6.x i386/x86_64 (20161221)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-3303-1.NASL
    description: This update for gstreamer-plugins-good fixes the following security issues : - CVE-2016-9807: Flic decoder invalid read could lead to crash. (bsc#1013655) - CVE-2016-9634: Flic out-of-bounds write could lead to code execution. (bsc#1012102) - CVE-2016-9635: Flic out-of-bounds write could lead to code execution. (bsc#1012103) - CVE-2016-9635: Flic out-of-bounds write could lead to code execution. (bsc#1012104) - CVE-2016-9808: A maliciously crafted flic file can still cause invalid memory accesses. (bsc#1013653) - CVE-2016-9810: A maliciously crafted flic file can still cause invalid memory accesses. (bsc#1013663) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96264
    published: 2017-01-03
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96264
    title: SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-good (SUSE-SU-2016:3303-1)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2017-88.NASL
    description: This update for gstreamer-0_10-plugins-good fixes the following issues : - CVE-2016-9634: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104) - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663)
    last seen: 2020-06-05
    modified: 2017-01-17
    plugin id: 96554
    published: 2017-01-17
    reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/96554
    title: openSUSE Security Update : gstreamer-0_10-plugins-good (openSUSE-2017-88)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2017-153.NASL
    description: This update for gstreamer-0_10-plugins-good fixes the following issues : - CVE-2016-9634: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104) - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663)
    last seen: 2020-06-05
    modified: 2017-01-30
    plugin id: 96862
    published: 2017-01-30
    reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/96862
    title: openSUSE Security Update : gstreamer-0_10-plugins-good (openSUSE-2017-153)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2017-0019.NASL
    description: An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96340
    published: 2017-01-10
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96340
    title: CentOS 7 : gstreamer-plugins-good (CESA-2017:0019)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1064.NASL
    description: According to the versions of the gstreamer1-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a
    last seen: 2020-05-06
    modified: 2017-05-02
    plugin id: 99911
    published: 2017-05-02
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99911
    title: EulerOS 2.0 SP1 : gstreamer1-plugins-good (EulerOS-SA-2017-1064)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2017-0020.NASL
    description: An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96341
    published: 2017-01-10
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96341
    title: CentOS 7 : gstreamer1-plugins-good (CESA-2017:0020)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2017-93.NASL
    description: This update for gstreamer-plugins-good fixes the following issues : - CVE-2016-9634: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104) - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663)
    last seen: 2020-06-05
    modified: 2017-01-17
    plugin id: 96557
    published: 2017-01-17
    reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/96557
    title: openSUSE Security Update : gstreamer-plugins-good (openSUSE-2017-93)
  • NASL family: Virtuozzo Local Security Checks
    NASL id: VIRTUOZZO_VZLSA-2017-0019.NASL
    description: An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 101402
    published: 2017-07-13
    reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101402
    title: Virtuozzo 7 : gstreamer-plugins-good / etc (VZLSA-2017-0019)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2017-65.NASL
    description: This update for gstreamer-plugins-good fixes the following security issues : - CVE-2016-9807: Flic decoder invalid read could lead to crash. (bsc#1013655) - CVE-2016-9634: Flic out-of-bounds write could lead to code execution. (bsc#1012102) - CVE-2016-9635: Flic out-of-bounds write could lead to code execution. (bsc#1012103) - CVE-2016-9635: Flic out-of-bounds write could lead to code execution. (bsc#1012104) - CVE-2016-9808: A maliciously crafted flic file can still cause invalid memory accesses. (bsc#1013653) - CVE-2016-9810: A maliciously crafted flic file can still cause invalid memory accesses. (bsc#1013663) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen: 2020-06-05
    modified: 2017-01-10
    plugin id: 96384
    published: 2017-01-10
    reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/96384
    title: openSUSE Security Update : gstreamer-plugins-good (openSUSE-2017-65)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2016-2975.NASL
    description: An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96040
    published: 2016-12-21
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96040
    title: RHEL 6 : gstreamer-plugins-good (RHSA-2016:2975)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-727.NASL
    description: Chris Evans discovered that the GStreamer 0.10 plugin used to decode files in the FLIC format allowed execution of arbitrary code. Further details can be found in his advisory at https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html This update removes the insecure FLIC file format plugin. For Debian 7
    last seen: 2020-03-17
    modified: 2016-12-01
    plugin id: 95413
    published: 2016-12-01
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/95413
    title: Debian DLA-727-1 : gst-plugins-good0.10 security update
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2016-2975.NASL
    description: From Red Hat Security Advisory 2016:2975 : An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96067
    published: 2016-12-22
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96067
    title: Oracle Linux 6 : gstreamer-plugins-good (ELSA-2016-2975)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-0237-1.NASL
    description: gstreamer-0_10-plugins-good was updated to fix five security issues. These security issues were fixed : - CVE-2016-9635: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012103). - CVE-2016-9634: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012102). - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663). - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655). - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653). To install this update libbz2-1 needs to be installed if it isn
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96695
    published: 2017-01-23
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96695
    title: SUSE SLED12 Security Update : gstreamer-0_10-plugins-good (SUSE-SU-2017:0237-1)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1065.NASL
    description: According to the versions of the gstreamer1-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a
    last seen: 2020-05-06
    modified: 2017-05-02
    plugin id: 99912
    published: 2017-05-02
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99912
    title: EulerOS 2.0 SP2 : gstreamer1-plugins-good (EulerOS-SA-2017-1065)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2016-2975.NASL
    description: An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96050
    published: 2016-12-22
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96050
    title: CentOS 6 : gstreamer-plugins-good (CESA-2016:2975)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2017-0019.NASL
    description: An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96311
    published: 2017-01-05
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96311
    title: RHEL 7 : gstreamer-plugins-good (RHSA-2017:0019)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3724.NASL
    description: Chris Evans discovered that the GStreamer 0.10 plugin used to decode files in the FLIC format allowed execution of arbitrary code. Further details can be found in his advisory at https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html This update removes the insecure FLIC file format plugin.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 95298
    published: 2016-11-25
    reporter: This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/95298
    title: Debian DSA-3724-1 : gst-plugins-good0.10 - security update
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20170105_GSTREAMER1_PLUGINS_GOOD_ON_SL7_X.NASL
    description: Security Fix(es) : - Multiple flaws were discovered in GStreamer
    last seen: 2020-03-18
    modified: 2017-01-06
    plugin id: 96331
    published: 2017-01-06
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96331
    title: Scientific Linux Security Update : gstreamer1-plugins-good on SL7.x x86_64 (20170105)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-3288-1.NASL
    description: This update for gstreamer-plugins-good fixes the following issues : - CVE-2016-9807: flic decoder invalid read could lead to crash [bsc#1013655] - CVE-2016-9634: flic out-of-bounds write could lead to code execution [bsc#1012102] - CVE-2016-9635: flic out-of-bounds write could lead to code execution [bsc#1012103] - CVE-2016-9635: flic out-of-bounds write could lead to code execution [bsc#1012104] - CVE-2016-9808: A maliciously crafted flic file can still cause invalid memory accesses. [bsc#1013653] - CVE-2016-9810: A maliciously crafted flic file can still cause invalid memory accesses [bsc#1013663] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96257
    published: 2017-01-03
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96257
    title: SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-good (SUSE-SU-2016:3288-1)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3723.NASL
    description: Chris Evans discovered that the GStreamer 1.0 plugin used to decode files in the FLIC format allowed execution of arbitrary code. Further details can be found in his advisory at https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 95297
    published: 2016-11-25
    reporter: This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/95297
    title: Debian DSA-3723-1 : gst-plugins-good1.0 - security update
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-0210-1.NASL
    description: This update for gstreamer-0_10-plugins-good fixes the following issues : - CVE-2016-9634: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104) - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96654
    published: 2017-01-20
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96654
    title: SUSE SLED12 Security Update : gstreamer-0_10-plugins-good (SUSE-SU-2017:0210-1)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20170105_GSTREAMER_PLUGINS_GOOD_ON_SL7_X.NASL
    description: Security Fix(es) : - Multiple flaws were discovered in GStreamer
    last seen: 2020-03-18
    modified: 2017-01-06
    plugin id: 96333
    published: 2017-01-06
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96333
    title: Scientific Linux Security Update : gstreamer-plugins-good on SL7.x x86_64 (20170105)
  • NASL family: Virtuozzo Local Security Checks
    NASL id: VIRTUOZZO_VZLSA-2017-0020.NASL
    description: An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 101403
    published: 2017-07-13
    reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101403
    title: Virtuozzo 7 : gstreamer1-plugins-good (VZLSA-2017-0020)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1062.NASL
    description: According to the versions of the gstreamer-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a
    last seen: 2020-05-06
    modified: 2017-05-02
    plugin id: 99909
    published: 2017-05-02
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99909
    title: EulerOS 2.0 SP1 : gstreamer-plugins-good (EulerOS-SA-2017-1062)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2017-0020.NASL
    description: An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96312
    published: 2017-01-05
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96312
    title: RHEL 7 : gstreamer1-plugins-good (RHSA-2017:0020)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-0225-1.NASL
    description: gstreamer-0_10-plugins-good was updated to fix six security issues. These security issues were fixed : - CVE-2016-9634: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104). - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96694
    published: 2017-01-23
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96694
    title: SUSE SLES11 Security Update : gstreamer-0_10-plugins-good (SUSE-SU-2017:0225-1)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1063.NASL
    description: According to the versions of the gstreamer-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a
    last seen: 2020-05-06
    modified: 2017-05-02
    plugin id: 99910
    published: 2017-05-02
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99910
    title: EulerOS 2.0 SP2 : gstreamer-plugins-good (EulerOS-SA-2017-1063)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2017-83.NASL
    description: This update for gstreamer-plugins-good fixes the following issues : - CVE-2016-9634: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104) - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663)
    last seen: 2020-06-05
    modified: 2017-01-17
    plugin id: 96549
    published: 2017-01-17
    reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/96549
    title: openSUSE Security Update : gstreamer-plugins-good (openSUSE-2017-83)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2017-402.NASL
    description: This update for gstreamer-0_10-plugins-good fixes the following issues : Security issues fixed : - CVE-2016-9634, CVE-2016-9635: add some bounds checking (boo#1012102 boo#1012103). - CVE-2016-9636: fix casting for some comparisons (boo#1012104). - CVE-2016-9807, CVE-2016-9808: rewrite logic using GsgtByteReader/Writer (boo#1013653 boo#1013655). - CVE-2016-9810: don
    last seen: 2020-06-05
    modified: 2017-04-03
    plugin id: 99150
    published: 2017-04-03
    reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/99150
    title: openSUSE Security Update : gstreamer-0_10-plugins-good (openSUSE-2017-402)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2017-0019.NASL
    description: From Red Hat Security Advisory 2017:0019 : An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96327
    published: 2017-01-06
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96327
    title: Oracle Linux 7 : gstreamer-plugins-good (ELSA-2017-0019)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2017-0020.NASL
    description: From Red Hat Security Advisory 2017:0020 : An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96328
    published: 2017-01-06
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96328
    title: Oracle Linux 7 : gstreamer1-plugins-good (ELSA-2017-0020)

Redhat

advisories
  • rhsa id: RHSA-2016:2975
  • rhsa id: RHSA-2017:0019
  • rhsa id: RHSA-2017:0020

rpms
  • gstreamer-plugins-good-0:0.10.23-4.el6_8
  • gstreamer-plugins-good-debuginfo-0:0.10.23-4.el6_8
  • gstreamer-plugins-good-devel-0:0.10.23-4.el6_8
  • gstreamer-plugins-good-0:0.10.31-12.el7_3
  • gstreamer-plugins-good-debuginfo-0:0.10.31-12.el7_3
  • gstreamer-plugins-good-devel-docs-0:0.10.31-12.el7_3
  • gstreamer1-plugins-good-0:1.4.5-3.el7_3
  • gstreamer1-plugins-good-debuginfo-0:1.4.5-3.el7_3