diff options
Diffstat (limited to 'src/htdocs/security/sa-2016-0002.md')
| -rw-r--r-- | src/htdocs/security/sa-2016-0002.md | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/src/htdocs/security/sa-2016-0002.md b/src/htdocs/security/sa-2016-0002.md new file mode 100644 index 00000000..b0d359ec --- /dev/null +++ b/src/htdocs/security/sa-2016-0002.md @@ -0,0 +1,58 @@ +# Security Advisory 2016-0002 (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9807) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Multiple Issues in FLC/FLI/FLX Decoder | +| Date | 2016-11-23 03:00 | +| Affected Versions | GStreamer gst-plugins-bad 1.10 < 1.10.2<br/>GStreamer gst-plugins-bad 1.x <= 1.8.3 | +| IDs | GStreamer-SA-2016-0002<br/>CVE-2016-9634<br/>CVE-2016-9635<br/>CVE-2016-9636<br/>CVE-2016-9807 | + +</div> + +## Details + +The decoder for the FLC/FLI/FLX animation video formats in gst-plugins-good contains various out-of-bounds writes and reads and fails to initialize output frame memory. + +## Impact + +If successful, a malicious third party could trigger either a crash in an application decoding a FLC/FLI/FLX video stream or an arbitrary code execution with the privileges of the target user. The failure to initialize output memory may result in an information leak. + +## Threat Mitigation + +Exploitation requires the user to access an FLC/FLI/FLX stream or file. + +## Workarounds + +The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites, or disable the FLC/FLI/FLX decoder plugin by removing the plugin binary file libgstflxdec.so or libgstflxdec.dll. + +## Solution + +The gst-plugins-bad 1.10.2 release addresses the issue. The upcoming gst-plugins-bad 1.8.4 release will also address the issue. People using older branches of GStreamer should apply the patch and recompile or disable the FLC/FLI/FLX plugin. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2016-9634](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9634) +- [CVE-2016-9635](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9635) +- [CVE-2016-9636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9636) +- [CVE-2016-9807](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9807) + +### GStreamer Bugzilla Entries + +- [Bug 774834](https://bugzilla.gnome.org/show_bug.cgi?id=774834) +- [Bug 774859](https://bugzilla.gnome.org/show_bug.cgi?id=774859) + +### GStreamer Patches + +- [Patch 1](https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bf43f44fcfada5ec4a3ce60cb374340486fe9fac) +- [Patch 2](https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2) +- [Patch 3](https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9) +- [Patch 4](https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff) +- [Patch 5](https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=96aaf889afe90b5e02ec756af5c6c7000d2cc424) |