CVE-2017-5840 in Ubuntu

CVE-2017-5840

Priority

Description

The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in
gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to
cause a denial of service (out-of-bounds heap read) via vectors involving
the current stts index.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5840
http://www.openwall.com/lists/oss-security/2017/02/01/7
https://ubuntu.com/security/notices/USN-3245-1

Bugs

https://bugzilla.gnome.org/show_bug.cgi?id=777469

Notes

Package

Source: gst-plugins-good0.10 (LP Ubuntu Debian)

Upstream:	needed
Ubuntu 14.04 ESM:	DNE (trusty was released [0.10.31-3+nmu1ubuntu5.3])

Patches:

Package

Source: gst-plugins-good1.0 (LP Ubuntu Debian)

Upstream:	released (1.10.3-1)
Ubuntu 16.04 ESM:	released (1.8.3-1ubuntu0.4)
Ubuntu 14.04 ESM:	DNE (trusty was released [1.2.4-1~ubuntu1.4])

Patches:

Upstream:

https://github.com/GStreamer/gst-plugins-good/commit/1ffef8bf6076c42bcbaaf0ec4f11ca4cf0c797da

More Information

Updated: 2022-04-13 13:01:22 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)