AVG-164

Package gst-plugins-base-libs
Status Fixed
Severity Critical
Type multiple issues
Affected 1.10.2-1
Fixed 1.10.3-1
Current 1.14.1-1 [extra]
Ticket None
Created Thu Feb 2 21:34:36 2017
Issue Severity Remote Type Description
CVE-2017-5844 Low Yes Denial of service
A floating point exception issue has been found in gstreamer before 1.10.3, in gst_riff_create_audio_caps.
CVE-2017-5842 Critical Yes Arbitrary code execution
An off-by-one write has been found in gstreamer before 1.10.3, in html_context_handle_element.
CVE-2017-5839 Medium Yes Denial of service
An endless recursion issue leading to stack overflow has been found in gstreamer before 1.10.3, in gst_riff_create_audio_caps.
CVE-2017-5837 Low Yes Denial of service
A floating point exception issue has been found in gstreamer before 1.10.3, in gst_riff_create_audio_caps.
Date Advisory Package Description
03 Feb 2017 ASA-201702-4 gst-plugins-base-libs multiple issues
References
http://seclists.org/oss-sec/2017/q1/284