gst-plugins-bad - Arch Linux
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-165 | 1.10.2-1 | 1.10.3-1 | Critical | Fixed | |
| AVG-76 | 1.10.0-1 | 1.10.2-2 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2017-5848 | AVG-165 | Low | Yes | Denial of service | An out-of-bounds read has been found in gstreamer before 1.10.3, in gst_ps_demux_parse_psm. |
| CVE-2017-5843 | AVG-165 | Critical | Yes | Arbitrary code execution | A double-free issue has been found in gstreamer before 1.10.3, in gst_mxf_demux_update_essence_tracks. |
| CVE-2016-9446 | AVG-76 | Low | Yes | Information disclosure | An information disclosure vulnerability has been discovered in the render canvas functionality of gst-plugins-bad due to the lack of initializing the... |
| CVE-2016-9445 | AVG-76 | High | Yes | Arbitrary code execution | The vmnc decoder in gst-plugins-bad of the gstreamer code base contains a width * height * depth integer overflow in the allocation of the render buffer... |
Advisories
| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 03 Feb 2017 | ASA-201702-5 | AVG-165 | Critical | multiple issues |
| 02 Jan 2017 | ASA-201701-3 | AVG-76 | High | multiple issues |