GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Wed Dec 30, 2015 12:26 pm Post subject: [ GLSA 201512-07 ] GStreamer
Gentoo Linux Security Advisory
Title: GStreamer: User-assisted execution of arbitrary code (GLSA 201512-07)
Severity: normal
Exploitable: remote
Date: December 30, 2015
Updated: February 09, 2016
Bug(s): #553742
ID: 201512-07
Synopsis
A buffer overflow in GStreamer could allow remote attackers to
execute arbitrary code or cause Denial of Service.
Background
GStreamer is an open source multimedia framework.
Affected Packages
Package: media-libs/gstreamer
Vulnerable: < 1.4.5
Unaffected: >= 1.4.5
Unaffected: >= 0.10.36-r2 < 0.10.37
Architectures: All supported architectures
Package: media-libs/gst-plugins-bad
Vulnerable: < 0.10.23-r3
Unaffected: >= 0.10.23-r3 < 0.10.24
Architectures: All supported architectures
Description
A buffer overflow vulnerability has been found in the parsing of H.264
formatted video.
Impact
A remote attacker could entice a user to open a specially crafted H.264
formatted video using an application linked against GStreamer, possibly
resulting in execution of arbitrary code with the privileges of the
process or a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All GStreamer users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/gstreamer-1.4.5"
References
CVE-2015-0797
Last edited by GLSA on Wed Feb 10, 2016 4:17 am; edited 2 times in total
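The version ranges in the "Affected Packages" section can be checked mechanically against a package inventory. The following is an added example, not part of the advisory or of Portage: the function names and the sample inventory are constructed, and the version comparison is a simplification that handles only dotted numeric versions with an optional -rN revision.

```python
import re

# Bounds copied from the advisory's "Affected Packages" section.
# Each unaffected range is (inclusive lower bound, exclusive upper bound or None).
ADVISORY = {
    "media-libs/gstreamer": {
        "vulnerable_below": "1.4.5",
        "unaffected": [("1.4.5", None), ("0.10.36-r2", "0.10.37")],
    },
    "media-libs/gst-plugins-bad": {
        "vulnerable_below": "0.10.23-r3",
        "unaffected": [("0.10.23-r3", "0.10.24")],
    },
}

def version_key(version):
    """Sort key for 'N.N.N[-rN]' (assumption: no _rc/_p or letter suffixes)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-r(\d+))?", version)
    if m is None:
        raise ValueError(f"unsupported version string: {version!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)

def classify(package, version):
    """Return 'unaffected', 'vulnerable' or 'not listed' for a listed package."""
    entry = ADVISORY[package]
    key = version_key(version)
    # Unaffected ranges are checked first: the patched 0.10 revisions sort
    # below the 'vulnerable' bound but are explicitly listed as fixed.
    for low, high in entry["unaffected"]:
        if key >= version_key(low) and (high is None or key < version_key(high)):
            return "unaffected"
    if key < version_key(entry["vulnerable_below"]):
        return "vulnerable"
    return "not listed"  # the advisory makes no statement about this version

def audit(installed):
    """Return the (package, version) pairs the advisory marks as vulnerable."""
    return [(p, v) for p, v in installed
            if p in ADVISORY and classify(p, v) == "vulnerable"]

# Constructed sample inventory, not taken from a real system.
INSTALLED = [
    ("media-libs/gstreamer", "0.10.36-r2"),
    ("media-libs/gstreamer", "1.4.4"),
    ("media-libs/gst-plugins-bad", "0.10.23-r2"),
    ("media-libs/gst-plugins-good", "1.4.5"),
]

if __name__ == "__main__":
    for package, version in audit(INSTALLED):
        print(f"{package}-{version} is vulnerable per GLSA 201512-07")
```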