Main Vulnerability Database SB2016120707

SB2016120707 - Fedora 25 update for gstreamer-plugins-bad-free

Published: December 7, 2016 Updated: April 24, 2025

Security Bulletin ID SB2016120707

Severity

Medium

Patch available

YES

Number of vulnerabilities 3

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2016-9809)

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.

2) Out-of-bounds read (CVE-ID: CVE-2016-9812)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section.

3) NULL pointer dereference (CVE-ID: CVE-2016-9813)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted file.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c63b652a8