Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-5845

The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag.

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2017020...
MLIST: [oss-security] 2017020...
CONFIRM: https://bugzilla.gnome...
CONFIRM: https://gstreamer.free...
BID: 96001
GENTOO: GLSA-201705-10
DEBIAN: DSA-3820
REDHAT: RHSA-2017:2060

Launchpad.net

CVE 2017-5845

Related bugs

References