AVG-165

Package gst-plugins-bad
Status Fixed
Severity Critical
Type multiple issues
Affected 1.10.2-1
Fixed 1.10.3-1
Current 1.14.1-2 [extra]
Ticket None
Created Thu Feb 2 21:34:43 2017
Issue Severity Remote Type Description
CVE-2017-5848 Low Yes Denial of service
An out-of-bounds read has been found in gstreamer before 1.10.3, in gst_ps_demux_parse_psm.
CVE-2017-5843 Critical Yes Arbitrary code execution
A double-free issue has been found in gstreamer before 1.10.3, in gst_mxf_demux_update_essence_tracks.
Date Advisory Package Description
03 Feb 2017 ASA-201702-5 gst-plugins-bad multiple issues
References
http://seclists.org/oss-sec/2017/q1/284