CVE-2016-10198 in Ubuntu

CVE-2016-10198

Priority

Description

The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c
in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to
cause a denial of service (invalid memory read and crash) via a crafted
audio file.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10198
http://www.openwall.com/lists/oss-security/2017/02/01/7
https://ubuntu.com/security/notices/USN-3245-1

Bugs

https://bugzilla.gnome.org/show_bug.cgi?id=775450

Notes

Package

Source: gst-plugins-good0.10 (LP Ubuntu Debian)

Upstream:	needed
Ubuntu 14.04 ESM:	DNE (trusty was released [0.10.31-3+nmu1ubuntu5.3])

Patches:

Package

Source: gst-plugins-good1.0 (LP Ubuntu Debian)

Upstream:	released (1.10.3-1)
Ubuntu 16.04 ESM:	released (1.8.3-1ubuntu0.4)
Ubuntu 14.04 ESM:	DNE (trusty was released [1.2.4-1~ubuntu1.4])

Patches:

Upstream:

https://github.com/GStreamer/gst-plugins-good/commit/87a2c140ca54c5128093377e9b25a5c24b346727

More Information

Updated: 2022-04-13 12:10:42 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)