oss-sec mailing list archives
Re: CVE Request: gstreamer plugins
From: <cve-assign () mitre org>
Date: Wed, 23 Nov 2016 21:58:26 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html gstreamer decoder for the FLIC file format
To get an out-of-bounds write, the attacker simply has to specify a start_line value greater than the number of lines in the output canvas (bug 1)
Use CVE-2016-9634.
Or they could specify a skip count that goes past the end of the last line of the output canvas (bug 2)
Use CVE-2016-9635.
Or they could specify a write count that goes past the end of the last line of the output buffer (bug 3)
Use CVE-2016-9636. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYNlcQAAoJEHb/MwWLVhi27goP/iFEWViR3EL1uQvw8r0pKrhG sn1xsANxTN2AFDs4OfXahfoC/zvmuTPbfJ9DeL0LhpIAMslQxd8JmnFHpnmQn6ah zwImr913g1OPR7WPwsTpFzK9geS75Mnq4YNiH8JFAIrW37vgimWhS/31mytFuRJR fRnqeKU33NCKwELK/vR0ZxTc8hy5bAVvjhGKYB94xZbgjCNLTc3PwsIMFLbY6aSf 8k0w1xdumIFD6bw+x9jnNH+Rnv6fT3GPSDYsBajNZDIrgO7mcPlKEfv4t4+HYTHT Tnh3omqIFOrXnyKurZ+Qc0e2+zgusyhRJWRda1M2T+//cmGxNF58z+mtATlPRIaJ Dd8Ri8V/VWXdHRvmGHhFgzIG+LWBYd0VEttJE7PFJ5xzIy5kEoM6tGcacFsZn9Wp rlBrVi1Q+mp3jIdSxMu0KQvGzs/9gyQldoZDCxOQ3U0n3MaumBbdQmKU9Fj8PPoF f1OD6hBHc+Q42z30993GpjypiDy5WPINxN24ikRQyQha5qVT0BSCdYYph9Z70I3d lOrCF7x1LM5Gyr2biYyfdA4utAyqaBP0VqFI1gR3DByfN17WXSauVuxl6c7zS+hf 03+ixlUk+65BsFDlmC+ep0BUKwLUn7vaIY3+t0QZMwTDDoGOGcK3/pfq3TYAgaCl r6UZUBI35WgyoCj0VoyY =xMfa -----END PGP SIGNATURE-----
Current thread:
- CVE Request: gstreamer plugins Marcus Meissner (Nov 18)
- Re: CVE Request: gstreamer plugins cve-assign (Nov 18)
- Re: CVE Request: gstreamer plugins Hanno Böck (Nov 19)
- Re: CVE Request: gstreamer plugins Alex Gaynor (Nov 22)
- Re: CVE Request: gstreamer plugins cve-assign (Nov 23)
- Re: CVE Request: gstreamer plugins Alex Gaynor (Nov 22)