Advisories ยป MGASA-2017-0348

Updated gstreamer0.10-plugins-good and gstreamer1.0-plugins-good packages fix security vulnerabilities

Publication date: 21 Sep 2017
Modification date: 21 Sep 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-10198 , CVE-2016-10199 , CVE-2017-5840 , CVE-2017-5841 , CVE-2017-5845

Description

A crafted AAC audio file could have caused an invalid read and thus
corruption or denial of service (CVE-2016-10198).

A crafted mp4 file could have caused an invalid read and thus corruption
or denial of service (CVE-2016-10199).

A crafted AVI file could have caused an invalid read and thus corruption
or denial of service (CVE-2017-5840).

A crafted AVI file with metadata tag entries (ncdt) could have caused
invalid read access and thus corruption or denial of service
(CVE-2017-5841).

A crafted AVI file could have caused an invalid read access resulting in
denial of service (CVE-2017-5845).

Note that GStreamer 0.10 was only affected by CVE-2016-10198 and
CVE-2017-5840.
                

References

SRPMS

5/core