[GLSA-201512-07] GStreamer: User-assisted execution of arbitrary code
A buffer overflow in GStreamer could allow remote attackers to execute arbitrary code or cause Denial of Service.
Background
GStreamer is an open source multimedia framework.
Description
A buffer overflow vulnerability has been found in the parsing of H.264
formatted video.
Impact
A remote attacker could entice a user to open a specially crafted H.264
formatted video using an application linked against GStreamer, possibly
resulting in execution of arbitrary code with the privileges of the
process or a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All GStreamer users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/gstreamer-1.4.5"
| Package | Affected Version |
|---|---|
 pkg:ebuild/media-libs/gstreamer?distro=gentoo
|
< 1.4.5 |
|
pkg:ebuild/media-libs/gst-plugins-bad?distro=gentoo
|
< 0.10.23-r3 |
| Package | Unaffected Version |
|---|---|
|
pkg:ebuild/media-libs/gstreamer?distro=gentoo
|
>= 1.4.5 |
|
pkg:ebuild/media-libs/gstreamer?distro=gentoo
|
>= 0.10.36-r2 |
|
pkg:ebuild/media-libs/gst-plugins-bad?distro=gentoo
|
>= 0.10.23-r3 |
- ID
- GLSA-201512-07
- Severity
- normal
- URL
- https://security.gentoo.org/glsa/201512-07
- Published
-
2015-12-30T00:00:00
(8 years ago) - Modified
-
2016-02-09T00:00:00
(8 years ago) - Rights
- Gentoo Foundation, Inc.
- Other Advisories
DSA-3225-1
ELSA-2015-0988
FREEBSD:D9B43004-F5FD-4807-B1D7-DBF66455B244
RHSA-2015:0988
SUSE-SU-2015:0921-1| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2015-0797 | CVE-2015-0797 |
|
| Bugzilla | 553742 | Bugzilla #553742 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:ebuild/media-libs/gstreamer?distro=gentoo | media-libs |
gstreamer
|
< 1.4.5 | gentoo | ||
| Unaffected | pkg:ebuild/media-libs/gstreamer?distro=gentoo | media-libs |
gstreamer
|
>= 1.4.5 | gentoo | ||
| Unaffected | pkg:ebuild/media-libs/gstreamer?distro=gentoo | media-libs |
gstreamer
|
>= 0.10.36-r2 | gentoo | ||
| Affected | pkg:ebuild/media-libs/gst-plugins-bad?distro=gentoo | media-libs |
gst-plugins-bad
|
< 0.10.23-r3 | gentoo | ||
| Unaffected | pkg:ebuild/media-libs/gst-plugins-bad?distro=gentoo | media-libs |
gst-plugins-bad
|
>= 0.10.23-r3 | gentoo |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |