CVE-2017-5843

Multiple use-after-free vulnerabilities in the (1) gstminiobjectunref, (2) gsttaglistunref, and (3) gstmxfdemuxupdateessence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf.

References

Affected packages

Debian:11 / gst-plugins-bad1.0

Package

Name: gst-plugins-bad1.0
Purl: pkg:deb/debian/gst-plugins-bad1.0?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / gst-plugins-bad1.0

Package

Name: gst-plugins-bad1.0
Purl: pkg:deb/debian/gst-plugins-bad1.0?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / gst-plugins-bad1.0

Package

Name: gst-plugins-bad1.0
Purl: pkg:deb/debian/gst-plugins-bad1.0?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / gst-plugins-bad1.0

Package

Name: gst-plugins-bad1.0
Purl: pkg:deb/debian/gst-plugins-bad1.0?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/gstreamer/gstreamer

Affected ranges

Type: GIT
Repo: https://github.com/gstreamer/gstreamer
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

d16edfdc698310fe25079136140d347f6d4b3835