Security update for gstreamer-plugins-good
This update for gstreamer-plugins-good fixes the following issues:
- A crafted aac audio file could have caused an invalid read and thus
corruption or denial of service (bsc#1024014, CVE-2016-10198)
- A crafted mp4 file could have caused an invalid read and thus corruption or
denial of service (bsc#1024017, CVE-2016-10199)
- A crafted avi file could have caused an invalid read and thus corruption or
denial of service (bsc#1024034, CVE-2017-5840)
- A crafted AVI file with metadata tag entries (ncdt) could have caused
invalid read access and thus corruption or denial of service (bsc#1024030,
CVE-2017-5841)
- A crafted avi file could have caused an invalid read access resulting in
denial of service (bsc#1024062, CVE-2017-5845)
-
Submitted by
Antonio Larrosa (alarrosa)
Fixed bugs
bnc#1024034
VUL-1: CVE-2017-5840: gstreamer-plugins-good: Out of bounds heap read in qtdemux_parse_samples
bnc#1024062
VUL-1: CVE-2017-5845: gstreamer-plugins-good: avidemux: invalid memory read in gst_avi_demux_parse_ncdt
bnc#1024017
VUL-1: CVE-2016-10199 gstreamer-plugins-good: Out of bounds read in qtdemux_tag_add_str_full
bnc#1024030
VUL-1: CVE-2017-5841: gstreamer-plugins-good: Heap out-of-bounds read in gst_avi_demux_parse_ncdt
bnc#1024014
VUL-1: CVE-2016-10198: gstreamer-plugins-good: Invalid memory read in gst_aac_parse_sink_setcaps
