CVE-2016-9807

Summary

CVE	CVE-2016-9807
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-01-13 16:59:00 UTC
Updated	2018-01-05 02:31:00 UTC
Description	The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.

Risk And Classification

Problem Types: CWE-125

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Gstreamer	Gstreamer	All	All	All	All

References

Reference	Source	Link	Tags
oss-security - gstreamer multiple issues	MLIST	www.openwall.com	Mailing List, Third Party Advisory
Bug 774859 – flic decoder: Invalid memory read in flx_decode_chunks	CONFIRM	bugzilla.gnome.org	Issue Tracking
Red Hat Customer Portal	REDHAT	rhn.redhat.com
Red Hat Customer Portal	REDHAT	rhn.redhat.com
GStreamer 1.10 release notes	CONFIRM	gstreamer.freedesktop.org	Release Notes, Vendor Advisory
gstreamer/gst-plugins-good - 'Good' GStreamer plugins	CONFIRM	cgit.freedesktop.org	Issue Tracking, Patch
Red Hat Customer Portal	REDHAT	rhn.redhat.com
GStreamer Good Plug-ins CVE-2016-9807 Denial of Service Vulnerability	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
GStreamer plug-ins: User-assisted execution of arbitrary code (GLSA 201705-10) — Gentoo Security	GENTOO	security.gentoo.org
oss-security - Re: gstreamer multiple issues	MLIST	www.openwall.com	Mailing List, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

378147 Virtuozzo Linux Security Update for gstreamer-plugins-good (VZLSA-2017:0019)
378149 Virtuozzo Linux Security Update for gstreamer1-plugins-good (VZLSA-2017:0020)
710553 Gentoo Linux GStreamer plug-ins User-assisted execution of arbitrary code Vulnerability (GLSA 201705-10)