Vulnerabilities > CVE-2016-9808 - Out-of-bounds Write vulnerability in Gstreamer

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

gstreamer

CWE-787

nessus

NVD

Published: 2017-01-13

Updated: 2018-01-05

Summary

The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.

Vulnerable Configurations

Part	Description	Count
Application	Gstreamer Gstreamer Gstreamer *	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Nessus

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201705-10.NASL
description	The remote host is affected by the vulnerability described in GLSA-201705-10 (GStreamer plug-ins: User-assisted execution of arbitrary code) Multiple vulnerabilities have been discovered in various GStreamer plug-ins. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user or automated system using a GStreamer plug-in to process a specially crafted file, resulting in the execution of arbitrary code or a Denial of Service. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	100263
published	2017-05-18
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/100263
title	GLSA-201705-10 : GStreamer plug-ins: User-assisted execution of arbitrary code

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20161221_GSTREAMER_PLUGINS_GOOD_ON_SL6_X.NASL
description	Security Fix(es) : - Multiple flaws were discovered in GStreamer
last seen	2020-03-18
modified	2016-12-21
plugin id	96042
published	2016-12-21
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96042
title	Scientific Linux Security Update : gstreamer-plugins-good on SL6.x i386/x86_64 (20161221)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-3303-1.NASL
description	This update for gstreamer-plugins-good fixes the following security issues : - CVE-2016-9807: Flic decoder invalid read could lead to crash. (bsc#1013655) - CVE-2016-9634: Flic out-of-bounds write could lead to code execution. (bsc#1012102) - CVE-2016-9635: Flic out-of-bounds write could lead to code execution. (bsc#1012103) - CVE-2016-9635: Flic out-of-bounds write could lead to code execution. (bsc#1012104) - CVE-2016-9808: A maliciously crafted flic file can still cause invalid memory accesses. (bsc#1013653) - CVE-2016-9810: A maliciously crafted flic file can still cause invalid memory accesses. (bsc#1013663) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	96264
published	2017-01-03
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96264
title	SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-good (SUSE-SU-2016:3303-1)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2017-88.NASL
description	This update for gstreamer-0_10-plugins-good fixes the following issues : - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104) - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663)
last seen	2020-06-05
modified	2017-01-17
plugin id	96554
published	2017-01-17
reporter	This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/96554
title	openSUSE Security Update : gstreamer-0_10-plugins-good (openSUSE-2017-88)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2017-153.NASL
description	This update for gstreamer-0_10-plugins-good fixes the following issues : - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104) - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663)
last seen	2020-06-05
modified	2017-01-30
plugin id	96862
published	2017-01-30
reporter	This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/96862
title	openSUSE Security Update : gstreamer-0_10-plugins-good (openSUSE-2017-153)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2017-0019.NASL
description	An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
last seen	2020-06-01
modified	2020-06-02
plugin id	96340
published	2017-01-10
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96340
title	CentOS 7 : gstreamer-plugins-good (CESA-2017:0019)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2017-1064.NASL
description	According to the versions of the gstreamer1-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a
last seen	2020-05-06
modified	2017-05-02
plugin id	99911
published	2017-05-02
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/99911
title	EulerOS 2.0 SP1 : gstreamer1-plugins-good (EulerOS-SA-2017-1064)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2017-0020.NASL
description	An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
last seen	2020-06-01
modified	2020-06-02
plugin id	96341
published	2017-01-10
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96341
title	CentOS 7 : gstreamer1-plugins-good (CESA-2017:0020)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2017-93.NASL
description	This update for gstreamer-plugins-good fixes the following issues : - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104) - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663)
last seen	2020-06-05
modified	2017-01-17
plugin id	96557
published	2017-01-17
reporter	This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/96557
title	openSUSE Security Update : gstreamer-plugins-good (openSUSE-2017-93)

NASL family	Virtuozzo Local Security Checks
NASL id	VIRTUOZZO_VZLSA-2017-0019.NASL
description	An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
last seen	2020-06-01
modified	2020-06-02
plugin id	101402
published	2017-07-13
reporter	This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/101402
title	Virtuozzo 7 : gstreamer-plugins-good / etc (VZLSA-2017-0019)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2017-65.NASL
description	This update for gstreamer-plugins-good fixes the following security issues : - CVE-2016-9807: Flic decoder invalid read could lead to crash. (bsc#1013655) - CVE-2016-9634: Flic out-of-bounds write could lead to code execution. (bsc#1012102) - CVE-2016-9635: Flic out-of-bounds write could lead to code execution. (bsc#1012103) - CVE-2016-9635: Flic out-of-bounds write could lead to code execution. (bsc#1012104) - CVE-2016-9808: A maliciously crafted flic file can still cause invalid memory accesses. (bsc#1013653) - CVE-2016-9810: A maliciously crafted flic file can still cause invalid memory accesses. (bsc#1013663) This update was imported from the SUSE:SLE-12-SP2:Update update project.
last seen	2020-06-05
modified	2017-01-10
plugin id	96384
published	2017-01-10
reporter	This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/96384
title	openSUSE Security Update : gstreamer-plugins-good (openSUSE-2017-65)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-2975.NASL
description	An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
last seen	2020-06-01
modified	2020-06-02
plugin id	96040
published	2016-12-21
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96040
title	RHEL 6 : gstreamer-plugins-good (RHSA-2016:2975)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2016-2975.NASL
description	From Red Hat Security Advisory 2016:2975 : An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
last seen	2020-06-01
modified	2020-06-02
plugin id	96067
published	2016-12-22
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96067
title	Oracle Linux 6 : gstreamer-plugins-good (ELSA-2016-2975)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2017-0237-1.NASL
description	gstreamer-0_10-plugins-good was updated to fix five security issues. These security issues were fixed : - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012103). - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012102). - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663). - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655). - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653). To install this update libbz2-1 needs to be installed if it isn
last seen	2020-06-01
modified	2020-06-02
plugin id	96695
published	2017-01-23
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96695
title	SUSE SLED12 Security Update : gstreamer-0_10-plugins-good (SUSE-SU-2017:0237-1)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2017-1065.NASL
description	According to the versions of the gstreamer1-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a
last seen	2020-05-06
modified	2017-05-02
plugin id	99912
published	2017-05-02
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/99912
title	EulerOS 2.0 SP2 : gstreamer1-plugins-good (EulerOS-SA-2017-1065)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2016-2975.NASL
description	An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
last seen	2020-06-01
modified	2020-06-02
plugin id	96050
published	2016-12-22
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96050
title	CentOS 6 : gstreamer-plugins-good (CESA-2016:2975)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2017-0019.NASL
description	An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
last seen	2020-06-01
modified	2020-06-02
plugin id	96311
published	2017-01-05
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96311
title	RHEL 7 : gstreamer-plugins-good (RHSA-2017:0019)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20170105_GSTREAMER1_PLUGINS_GOOD_ON_SL7_X.NASL
description	Security Fix(es) : - Multiple flaws were discovered in GStreamer
last seen	2020-03-18
modified	2017-01-06
plugin id	96331
published	2017-01-06
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96331
title	Scientific Linux Security Update : gstreamer1-plugins-good on SL7.x x86_64 (20170105)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-3288-1.NASL
description	This update for gstreamer-plugins-good fixes the following issues : - CVE-2016-9807: flic decoder invalid read could lead to crash [bsc#1013655] - CVE-2016-9634: flic out-of-bounds write could lead to code execution [bsc#1012102] - CVE-2016-9635: flic out-of-bounds write could lead to code execution [bsc#1012103] - CVE-2016-9635: flic out-of-bounds write could lead to code execution [bsc#1012104] - CVE-2016-9808: A maliciously crafted flic file can still cause invalid memory accesses. [bsc#1013653] - CVE-2016-9810: A maliciously crafted flic file can still cause invalid memory accesses [bsc#1013663] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	96257
published	2017-01-03
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96257
title	SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-good (SUSE-SU-2016:3288-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2017-0210-1.NASL
description	This update for gstreamer-0_10-plugins-good fixes the following issues : - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104) - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	96654
published	2017-01-20
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96654
title	SUSE SLED12 Security Update : gstreamer-0_10-plugins-good (SUSE-SU-2017:0210-1)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20170105_GSTREAMER_PLUGINS_GOOD_ON_SL7_X.NASL
description	Security Fix(es) : - Multiple flaws were discovered in GStreamer
last seen	2020-03-18
modified	2017-01-06
plugin id	96333
published	2017-01-06
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96333
title	Scientific Linux Security Update : gstreamer-plugins-good on SL7.x x86_64 (20170105)

NASL family	Virtuozzo Local Security Checks
NASL id	VIRTUOZZO_VZLSA-2017-0020.NASL
description	An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
last seen	2020-06-01
modified	2020-06-02
plugin id	101403
published	2017-07-13
reporter	This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/101403
title	Virtuozzo 7 : gstreamer1-plugins-good (VZLSA-2017-0020)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2017-1062.NASL
description	According to the versions of the gstreamer-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a
last seen	2020-05-06
modified	2017-05-02
plugin id	99909
published	2017-05-02
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/99909
title	EulerOS 2.0 SP1 : gstreamer-plugins-good (EulerOS-SA-2017-1062)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2017-0020.NASL
description	An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
last seen	2020-06-01
modified	2020-06-02
plugin id	96312
published	2017-01-05
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96312
title	RHEL 7 : gstreamer1-plugins-good (RHSA-2017:0020)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2017-0225-1.NASL
description	gstreamer-0_10-plugins-good was updated to fix six security issues. These security issues were fixed : - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104). - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	96694
published	2017-01-23
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96694
title	SUSE SLES11 Security Update : gstreamer-0_10-plugins-good (SUSE-SU-2017:0225-1)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2017-1063.NASL
description	According to the versions of the gstreamer-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a
last seen	2020-05-06
modified	2017-05-02
plugin id	99910
published	2017-05-02
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/99910
title	EulerOS 2.0 SP2 : gstreamer-plugins-good (EulerOS-SA-2017-1063)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2017-83.NASL
description	This update for gstreamer-plugins-good fixes the following issues : - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104) - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663)
last seen	2020-06-05
modified	2017-01-17
plugin id	96549
published	2017-01-17
reporter	This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/96549
title	openSUSE Security Update : gstreamer-plugins-good (openSUSE-2017-83)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2017-402.NASL
description	This update for gstreamer-0_10-plugins-good fixes the following issues : Security issues fixed : - CVE-2016-9634, CVE-2016-9635: add some bounds checking (boo#1012102 boo#1012103). - CVE-2016-9636: fix casting for some comparisons (boo#1012104). - CVE-2016-9807, CVE-2016-9808: rewrite logic using GsgtByteReader/Writer (boo#1013653 boo#1013655). - CVE-2016-9810: don
last seen	2020-06-05
modified	2017-04-03
plugin id	99150
published	2017-04-03
reporter	This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/99150
title	openSUSE Security Update : gstreamer-0_10-plugins-good (openSUSE-2017-402)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2017-0019.NASL
description	From Red Hat Security Advisory 2017:0019 : An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
last seen	2020-06-01
modified	2020-06-02
plugin id	96327
published	2017-01-06
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96327
title	Oracle Linux 7 : gstreamer-plugins-good (ELSA-2017-0019)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2017-0020.NASL
description	From Red Hat Security Advisory 2017:0020 : An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
last seen	2020-06-01
modified	2020-06-02
plugin id	96328
published	2017-01-06
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96328
title	Oracle Linux 7 : gstreamer1-plugins-good (ELSA-2017-0020)

Redhat

advisories

bugzilla

id	1401874
title	CVE-2016-9807 gstreamer-plugins-good: Invalid memory read in flx_decode_chunks

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment gstreamer-plugins-good-devel is earlier than 0:0.10.23-4.el6_8
oval oval:com.redhat.rhsa:tst:20162975001
comment gstreamer-plugins-good-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20162975002

AND

comment gstreamer-plugins-good is earlier than 0:0.10.23-4.el6_8
oval oval:com.redhat.rhsa:tst:20162975003
comment gstreamer-plugins-good is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20162975004

rhsa

id	RHSA-2016:2975
released	2016-12-21
severity	Important
title	RHSA-2016:2975: gstreamer-plugins-good security update (Important)

bugzilla

id	1401874
title	CVE-2016-9807 gstreamer-plugins-good: Invalid memory read in flx_decode_chunks

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment gstreamer-plugins-good-devel-docs is earlier than 0:0.10.31-12.el7_3
oval oval:com.redhat.rhsa:tst:20170019001
comment gstreamer-plugins-good-devel-docs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20170019002

AND

comment gstreamer-plugins-good is earlier than 0:0.10.31-12.el7_3
oval oval:com.redhat.rhsa:tst:20170019003
comment gstreamer-plugins-good is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20162975004

rhsa

id	RHSA-2017:0019
released	2017-01-05
severity	Moderate
title	RHSA-2017:0019: gstreamer-plugins-good security update (Moderate)

bugzilla

id	1401874
title	CVE-2016-9807 gstreamer-plugins-good: Invalid memory read in flx_decode_chunks

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027
comment gstreamer1-plugins-good is earlier than 0:1.4.5-3.el7_3
oval oval:com.redhat.rhsa:tst:20170020001
comment gstreamer1-plugins-good is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20170020002

rhsa

id	RHSA-2017:0020
released	2017-01-05
severity	Moderate
title	RHSA-2017:0020: gstreamer1-plugins-good security update (Moderate)

rpms

gstreamer-plugins-good-0:0.10.23-4.el6_8
gstreamer-plugins-good-debuginfo-0:0.10.23-4.el6_8
gstreamer-plugins-good-devel-0:0.10.23-4.el6_8
gstreamer-plugins-good-0:0.10.31-12.el7_3
gstreamer-plugins-good-debuginfo-0:0.10.31-12.el7_3
gstreamer-plugins-good-devel-docs-0:0.10.31-12.el7_3
gstreamer1-plugins-good-0:1.4.5-3.el7_3
gstreamer1-plugins-good-debuginfo-0:1.4.5-3.el7_3

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Redhat

References