oss-sec mailing list archives
CVE Request: gstreamer plugins
From: Marcus Meissner <meissner () suse de>
Date: Fri, 18 Nov 2016 17:31:19 +0100
Hi, I am not sure if someone assigned CVEs for those: 1. Bufferoverflow in VMNC decoder in gstreamer plugins: https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html Simple fix in: https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/gst/vmnc/vmncdec.c?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe 2. Missing bounds check in NSF decoder in gstreamer plugins http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html Only in gstreamer 0.10, dropped in newer versions. Ciao, Marcus
Current thread:
- CVE Request: gstreamer plugins Marcus Meissner (Nov 18)
- Re: CVE Request: gstreamer plugins cve-assign (Nov 18)
- Re: CVE Request: gstreamer plugins Hanno Böck (Nov 19)
- Re: CVE Request: gstreamer plugins Alex Gaynor (Nov 22)
- Re: CVE Request: gstreamer plugins cve-assign (Nov 23)
- Re: CVE Request: gstreamer plugins Alex Gaynor (Nov 22)