CVE-2016-9808 - Out-of-bounds Write vulnerability in Gstreamer 1.10.1

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Tags: network, low complexity, gstreamer, CWE-787, nessus

Summary

The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.

Vulnerable Configurations

Part         Description  Count
Application  Gstreamer    1

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201705-10.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201705-10 (GStreamer plug-ins: User-assisted execution of arbitrary code) Multiple vulnerabilities have been discovered in various GStreamer plug-ins. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user or automated system using a GStreamer plug-in to process a specially crafted file, resulting in the execution of arbitrary code or a Denial of Service. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 100263
    published: 2017-05-18
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/100263
    title: GLSA-201705-10 : GStreamer plug-ins: User-assisted execution of arbitrary code
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20161221_GSTREAMER_PLUGINS_GOOD_ON_SL6_X.NASL
    description: Security Fix(es) : - Multiple flaws were discovered in GStreamer
    last seen: 2020-03-18
    modified: 2016-12-21
    plugin id: 96042
    published: 2016-12-21
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96042
    title: Scientific Linux Security Update : gstreamer-plugins-good on SL6.x i386/x86_64 (20161221)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-3303-1.NASL
    description: This update for gstreamer-plugins-good fixes the following security issues : - CVE-2016-9807: Flic decoder invalid read could lead to crash. (bsc#1013655) - CVE-2016-9634: Flic out-of-bounds write could lead to code execution. (bsc#1012102) - CVE-2016-9635: Flic out-of-bounds write could lead to code execution. (bsc#1012103) - CVE-2016-9635: Flic out-of-bounds write could lead to code execution. (bsc#1012104) - CVE-2016-9808: A maliciously crafted flic file can still cause invalid memory accesses. (bsc#1013653) - CVE-2016-9810: A maliciously crafted flic file can still cause invalid memory accesses. (bsc#1013663) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96264
    published: 2017-01-03
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96264
    title: SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-good (SUSE-SU-2016:3303-1)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2017-88.NASL
    description: This update for gstreamer-0_10-plugins-good fixes the following issues : - CVE-2016-9634: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104) - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663)
    last seen: 2020-06-05
    modified: 2017-01-17
    plugin id: 96554
    published: 2017-01-17
    reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/96554
    title: openSUSE Security Update : gstreamer-0_10-plugins-good (openSUSE-2017-88)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2017-153.NASL
    description: This update for gstreamer-0_10-plugins-good fixes the following issues : - CVE-2016-9634: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104) - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663)
    last seen: 2020-06-05
    modified: 2017-01-30
    plugin id: 96862
    published: 2017-01-30
    reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/96862
    title: openSUSE Security Update : gstreamer-0_10-plugins-good (openSUSE-2017-153)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2017-0019.NASL
    description: An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96340
    published: 2017-01-10
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96340
    title: CentOS 7 : gstreamer-plugins-good (CESA-2017:0019)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1064.NASL
    description: According to the versions of the gstreamer1-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a
    last seen: 2020-05-06
    modified: 2017-05-02
    plugin id: 99911
    published: 2017-05-02
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99911
    title: EulerOS 2.0 SP1 : gstreamer1-plugins-good (EulerOS-SA-2017-1064)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2017-0020.NASL
    description: An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96341
    published: 2017-01-10
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96341
    title: CentOS 7 : gstreamer1-plugins-good (CESA-2017:0020)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2017-93.NASL
    description: This update for gstreamer-plugins-good fixes the following issues : - CVE-2016-9634: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104) - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663)
    last seen: 2020-06-05
    modified: 2017-01-17
    plugin id: 96557
    published: 2017-01-17
    reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/96557
    title: openSUSE Security Update : gstreamer-plugins-good (openSUSE-2017-93)
  • NASL family: Virtuozzo Local Security Checks
    NASL id: VIRTUOZZO_VZLSA-2017-0019.NASL
    description: An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 101402
    published: 2017-07-13
    reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101402
    title: Virtuozzo 7 : gstreamer-plugins-good / etc (VZLSA-2017-0019)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2017-65.NASL
    description: This update for gstreamer-plugins-good fixes the following security issues : - CVE-2016-9807: Flic decoder invalid read could lead to crash. (bsc#1013655) - CVE-2016-9634: Flic out-of-bounds write could lead to code execution. (bsc#1012102) - CVE-2016-9635: Flic out-of-bounds write could lead to code execution. (bsc#1012103) - CVE-2016-9635: Flic out-of-bounds write could lead to code execution. (bsc#1012104) - CVE-2016-9808: A maliciously crafted flic file can still cause invalid memory accesses. (bsc#1013653) - CVE-2016-9810: A maliciously crafted flic file can still cause invalid memory accesses. (bsc#1013663) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen: 2020-06-05
    modified: 2017-01-10
    plugin id: 96384
    published: 2017-01-10
    reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/96384
    title: openSUSE Security Update : gstreamer-plugins-good (openSUSE-2017-65)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2016-2975.NASL
    description: An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96040
    published: 2016-12-21
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96040
    title: RHEL 6 : gstreamer-plugins-good (RHSA-2016:2975)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2016-2975.NASL
    description: From Red Hat Security Advisory 2016:2975 : An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96067
    published: 2016-12-22
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96067
    title: Oracle Linux 6 : gstreamer-plugins-good (ELSA-2016-2975)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-0237-1.NASL
    description: gstreamer-0_10-plugins-good was updated to fix five security issues. These security issues were fixed : - CVE-2016-9635: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012103). - CVE-2016-9634: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012102). - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663). - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655). - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653). To install this update libbz2-1 needs to be installed if it isn
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96695
    published: 2017-01-23
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96695
    title: SUSE SLED12 Security Update : gstreamer-0_10-plugins-good (SUSE-SU-2017:0237-1)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1065.NASL
    description: According to the versions of the gstreamer1-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a
    last seen: 2020-05-06
    modified: 2017-05-02
    plugin id: 99912
    published: 2017-05-02
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99912
    title: EulerOS 2.0 SP2 : gstreamer1-plugins-good (EulerOS-SA-2017-1065)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2016-2975.NASL
    description: An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96050
    published: 2016-12-22
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96050
    title: CentOS 6 : gstreamer-plugins-good (CESA-2016:2975)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2017-0019.NASL
    description: An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96311
    published: 2017-01-05
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96311
    title: RHEL 7 : gstreamer-plugins-good (RHSA-2017:0019)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20170105_GSTREAMER1_PLUGINS_GOOD_ON_SL7_X.NASL
    description: Security Fix(es) : - Multiple flaws were discovered in GStreamer
    last seen: 2020-03-18
    modified: 2017-01-06
    plugin id: 96331
    published: 2017-01-06
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96331
    title: Scientific Linux Security Update : gstreamer1-plugins-good on SL7.x x86_64 (20170105)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-3288-1.NASL
    description: This update for gstreamer-plugins-good fixes the following issues : - CVE-2016-9807: flic decoder invalid read could lead to crash [bsc#1013655] - CVE-2016-9634: flic out-of-bounds write could lead to code execution [bsc#1012102] - CVE-2016-9635: flic out-of-bounds write could lead to code execution [bsc#1012103] - CVE-2016-9635: flic out-of-bounds write could lead to code execution [bsc#1012104] - CVE-2016-9808: A maliciously crafted flic file can still cause invalid memory accesses. [bsc#1013653] - CVE-2016-9810: A maliciously crafted flic file can still cause invalid memory accesses [bsc#1013663] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96257
    published: 2017-01-03
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96257
    title: SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-good (SUSE-SU-2016:3288-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-0210-1.NASL
    description: This update for gstreamer-0_10-plugins-good fixes the following issues : - CVE-2016-9634: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104) - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96654
    published: 2017-01-20
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96654
    title: SUSE SLED12 Security Update : gstreamer-0_10-plugins-good (SUSE-SU-2017:0210-1)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20170105_GSTREAMER_PLUGINS_GOOD_ON_SL7_X.NASL
    description: Security Fix(es) : - Multiple flaws were discovered in GStreamer
    last seen: 2020-03-18
    modified: 2017-01-06
    plugin id: 96333
    published: 2017-01-06
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96333
    title: Scientific Linux Security Update : gstreamer-plugins-good on SL7.x x86_64 (20170105)
  • NASL family: Virtuozzo Local Security Checks
    NASL id: VIRTUOZZO_VZLSA-2017-0020.NASL
    description: An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 101403
    published: 2017-07-13
    reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101403
    title: Virtuozzo 7 : gstreamer1-plugins-good (VZLSA-2017-0020)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1062.NASL
    description: According to the versions of the gstreamer-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a
    last seen: 2020-05-06
    modified: 2017-05-02
    plugin id: 99909
    published: 2017-05-02
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99909
    title: EulerOS 2.0 SP1 : gstreamer-plugins-good (EulerOS-SA-2017-1062)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2017-0020.NASL
    description: An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96312
    published: 2017-01-05
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96312
    title: RHEL 7 : gstreamer1-plugins-good (RHSA-2017:0020)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-0225-1.NASL
    description: gstreamer-0_10-plugins-good was updated to fix six security issues. These security issues were fixed : - CVE-2016-9634: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104). - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96694
    published: 2017-01-23
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96694
    title: SUSE SLES11 Security Update : gstreamer-0_10-plugins-good (SUSE-SU-2017:0225-1)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1063.NASL
    description: According to the versions of the gstreamer-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a
    last seen: 2020-05-06
    modified: 2017-05-02
    plugin id: 99910
    published: 2017-05-02
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99910
    title: EulerOS 2.0 SP2 : gstreamer-plugins-good (EulerOS-SA-2017-1063)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2017-83.NASL
    description: This update for gstreamer-plugins-good fixes the following issues : - CVE-2016-9634: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104) - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663)
    last seen: 2020-06-05
    modified: 2017-01-17
    plugin id: 96549
    published: 2017-01-17
    reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/96549
    title: openSUSE Security Update : gstreamer-plugins-good (openSUSE-2017-83)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2017-402.NASL
    description: This update for gstreamer-0_10-plugins-good fixes the following issues : Security issues fixed : - CVE-2016-9634, CVE-2016-9635: add some bounds checking (boo#1012102 boo#1012103). - CVE-2016-9636: fix casting for some comparisons (boo#1012104). - CVE-2016-9807, CVE-2016-9808: rewrite logic using GstByteReader/Writer (boo#1013653 boo#1013655). - CVE-2016-9810: don
    last seen: 2020-06-05
    modified: 2017-04-03
    plugin id: 99150
    published: 2017-04-03
    reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/99150
    title: openSUSE Security Update : gstreamer-0_10-plugins-good (openSUSE-2017-402)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2017-0019.NASL
    description: From Red Hat Security Advisory 2017:0019 : An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96327
    published: 2017-01-06
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96327
    title: Oracle Linux 7 : gstreamer-plugins-good (ELSA-2017-0019)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2017-0020.NASL
    description: From Red Hat Security Advisory 2017:0020 : An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es) : * Multiple flaws were discovered in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96328
    published: 2017-01-06
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96328
    title: Oracle Linux 7 : gstreamer1-plugins-good (ELSA-2017-0020)

Redhat

advisories
  • bugzilla
      id: 1401874
      title: CVE-2016-9807 gstreamer-plugins-good: Invalid memory read in flx_decode_chunks
    oval
      OR
      • comment: Red Hat Enterprise Linux must be installed
        oval: oval:com.redhat.rhba:tst:20070304026
      • AND
        • comment: Red Hat Enterprise Linux 6 is installed
          oval: oval:com.redhat.rhba:tst:20111656003
        • OR
          • AND
            • comment: gstreamer-plugins-good-devel is earlier than 0:0.10.23-4.el6_8
              oval: oval:com.redhat.rhsa:tst:20162975001
            • comment: gstreamer-plugins-good-devel is signed with Red Hat redhatrelease2 key
              oval: oval:com.redhat.rhsa:tst:20162975002
          • AND
            • comment: gstreamer-plugins-good is earlier than 0:0.10.23-4.el6_8
              oval: oval:com.redhat.rhsa:tst:20162975003
            • comment: gstreamer-plugins-good is signed with Red Hat redhatrelease2 key
              oval: oval:com.redhat.rhsa:tst:20162975004
    rhsa
      id: RHSA-2016:2975
      released: 2016-12-21
      severity: Important
      title: RHSA-2016:2975: gstreamer-plugins-good security update (Important)
  • bugzilla
      id: 1401874
      title: CVE-2016-9807 gstreamer-plugins-good: Invalid memory read in flx_decode_chunks
    oval
      OR
      • comment: Red Hat Enterprise Linux must be installed
        oval: oval:com.redhat.rhba:tst:20070304026
      • AND
        • comment: Red Hat Enterprise Linux 7 is installed
          oval: oval:com.redhat.rhba:tst:20150364027
        • OR
          • AND
            • comment: gstreamer-plugins-good-devel-docs is earlier than 0:0.10.31-12.el7_3
              oval: oval:com.redhat.rhsa:tst:20170019001
            • comment: gstreamer-plugins-good-devel-docs is signed with Red Hat redhatrelease2 key
              oval: oval:com.redhat.rhsa:tst:20170019002
          • AND
            • comment: gstreamer-plugins-good is earlier than 0:0.10.31-12.el7_3
              oval: oval:com.redhat.rhsa:tst:20170019003
            • comment: gstreamer-plugins-good is signed with Red Hat redhatrelease2 key
              oval: oval:com.redhat.rhsa:tst:20162975004
    rhsa
      id: RHSA-2017:0019
      released: 2017-01-05
      severity: Moderate
      title: RHSA-2017:0019: gstreamer-plugins-good security update (Moderate)
  • bugzilla
      id: 1401874
      title: CVE-2016-9807 gstreamer-plugins-good: Invalid memory read in flx_decode_chunks
    oval
      OR
      • comment: Red Hat Enterprise Linux must be installed
        oval: oval:com.redhat.rhba:tst:20070304026
      • AND
        • comment: Red Hat Enterprise Linux 7 is installed
          oval: oval:com.redhat.rhba:tst:20150364027
        • comment: gstreamer1-plugins-good is earlier than 0:1.4.5-3.el7_3
          oval: oval:com.redhat.rhsa:tst:20170020001
        • comment: gstreamer1-plugins-good is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhsa:tst:20170020002
    rhsa
      id: RHSA-2017:0020
      released: 2017-01-05
      severity: Moderate
      title: RHSA-2017:0020: gstreamer1-plugins-good security update (Moderate)
rpms
  • gstreamer-plugins-good-0:0.10.23-4.el6_8
  • gstreamer-plugins-good-debuginfo-0:0.10.23-4.el6_8
  • gstreamer-plugins-good-devel-0:0.10.23-4.el6_8
  • gstreamer-plugins-good-0:0.10.31-12.el7_3
  • gstreamer-plugins-good-debuginfo-0:0.10.31-12.el7_3
  • gstreamer-plugins-good-devel-docs-0:0.10.31-12.el7_3
  • gstreamer1-plugins-good-0:1.4.5-3.el7_3
  • gstreamer1-plugins-good-debuginfo-0:1.4.5-3.el7_3