[GLSA-201512-07] GStreamer: User-assisted execution of arbitrary code
A buffer overflow in GStreamer could allow remote attackers to execute arbitrary code or cause Denial of Service.
Background
GStreamer is an open source multimedia framework.
Description
A buffer overflow vulnerability has been found in the parsing of H.264
formatted video.
Impact
A remote attacker could entice a user to open a specially crafted H.264
formatted video using an application linked against GStreamer, possibly
resulting in execution of arbitrary code with the privileges of the
process or a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All GStreamer users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/gstreamer-1.4.5"
Package | Affected Version |
---|---|
pkg:ebuild/media-libs/gstreamer?distro=gentoo | < 1.4.5 |
pkg:ebuild/media-libs/gst-plugins-bad?distro=gentoo | < 0.10.23-r3 |
Package | Unaffected Version |
---|---|
pkg:ebuild/media-libs/gstreamer?distro=gentoo | >= 1.4.5 |
pkg:ebuild/media-libs/gstreamer?distro=gentoo | >= 0.10.36-r2 |
pkg:ebuild/media-libs/gst-plugins-bad?distro=gentoo | >= 0.10.23-r3 |
- ID: GLSA-201512-07
- Severity: normal
- URL: https://security.gentoo.org/glsa/201512-07
- Published: 2015-12-30T00:00:00
- Modified: 2016-02-09T00:00:00
- Rights: Gentoo Foundation, Inc.
Other Advisories
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2015-0797 | CVE-2015-0797 | https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0797 |
Bugzilla | 553742 | Bugzilla #553742 | https://bugs.gentoo.org/show_bug.cgi?id=553742 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:ebuild/media-libs/gstreamer?distro=gentoo | media-libs | gstreamer | < 1.4.5 | gentoo | | |
Unaffected | pkg:ebuild/media-libs/gstreamer?distro=gentoo | media-libs | gstreamer | >= 1.4.5 | gentoo | | |
Unaffected | pkg:ebuild/media-libs/gstreamer?distro=gentoo | media-libs | gstreamer | >= 0.10.36-r2 | gentoo | | |
Affected | pkg:ebuild/media-libs/gst-plugins-bad?distro=gentoo | media-libs | gst-plugins-bad | < 0.10.23-r3 | gentoo | | |
Unaffected | pkg:ebuild/media-libs/gst-plugins-bad?distro=gentoo | media-libs | gst-plugins-bad | >= 0.10.23-r3 | gentoo | | |