CVE-2016-9812

Summary

CVE	CVE-2016-9812
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-01-13 16:59:00 UTC
Updated	2018-01-05 02:31:00 UTC
Description	The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section.

Risk And Classification

Problem Types: CWE-125

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Gstreamer	Gstreamer	All	All	All	All

References

Reference	Source	Link	Tags
Red Hat Customer Portal	REDHAT	rhn.redhat.com
Debian -- Security Information -- DSA-3818-1 gst-plugins-bad1.0	DEBIAN	www.debian.org
oss-security - gstreamer multiple issues	MLIST	www.openwall.com
Bug 775048 – mpegts decoder: Out of bounds read in gst_mpegts_section_new	CONFIRM	bugzilla.gnome.org
GStreamer Bad Plug-ins CVE-2016-9812 Denial of Service Vulnerability	BID	www.securityfocus.com
GStreamer 1.10 release notes	CONFIRM	gstreamer.freedesktop.org
GStreamer plug-ins: User-assisted execution of arbitrary code (GLSA 201705-10) — Gentoo Security	GENTOO	security.gentoo.org
oss-security - Re: gstreamer multiple issues	MLIST	www.openwall.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

378288 Virtuozzo Linux Security Update for gstreamer1-plugins-bad-free (VZLSA-2017:0021)
710553 Gentoo Linux GStreamer plug-ins User-assisted execution of arbitrary code Vulnerability (GLSA 201705-10)