SB2017042816 - Uncontrolled Recursion in gst-plugins-base1 (Alpine package)
Published: April 28, 2017
Description
This security bulletin contains information about 1 security vulnerability.
1) Uncontrolled Recursion (CVE-ID: CVE-2017-5839)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX.
Remediation
Install the update from the vendor's website.