oss-sec mailing list archives
CVE Request: gstreamer plugins
From: Marcus Meissner <meissner () suse de>
Date: Fri, 18 Nov 2016 17:31:19 +0100
Hi,
I am not sure if someone assigned CVEs for those:
1. Bufferoverflow in VMNC decoder in gstreamer plugins:
https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html
Simple fix in:
https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/gst/vmnc/vmncdec.c?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe
2. Missing bounds check in NSF decoder in gstreamer plugins
http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html
Only in gstreamer 0.10, dropped in newer versions.
Ciao, Marcus
Current thread:
- CVE Request: gstreamer plugins Marcus Meissner (Nov 18)
- Re: CVE Request: gstreamer plugins cve-assign (Nov 18)
- Re: CVE Request: gstreamer plugins Hanno Böck (Nov 19)
- Re: CVE Request: gstreamer plugins Alex Gaynor (Nov 22)
- Re: CVE Request: gstreamer plugins cve-assign (Nov 23)
- Re: CVE Request: gstreamer plugins Alex Gaynor (Nov 22)