Candidate: CVE-2016-9808 PublicDate: 2017-01-13 16:59:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9808 https://scarybeastsecurity.blogspot.dk/2016/11/0day-poc-incorrect-fix-for-gstreamer.html https://www.ubuntu.com/usn/usn-3135-2/ Description: The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs. Ubuntu-Description: Notes: Bugs: https://bugzilla.gnome.org/show_bug.cgi?id=774859 Priority: medium Discovered-by: Chris Evans Assigned-to: CVSS: nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH] Patches_gst-plugins-good0.10: upstream_gst-plugins-good0.10: needs-triage precise_gst-plugins-good0.10: released (0.10.31-1ubuntu1.4) precise/esm_gst-plugins-good0.10: DNE (precise was released [0.10.31-1ubuntu1.4]) trusty_gst-plugins-good0.10: released (0.10.31-3+nmu1ubuntu5.2) trusty/esm_gst-plugins-good0.10: DNE (trusty was released [0.10.31-3+nmu1ubuntu5.2]) vivid/stable-phone-overlay_gst-plugins-good0.10: ignored (reached end-of-life) vivid/ubuntu-core_gst-plugins-good0.10: DNE xenial_gst-plugins-good0.10: released (0.10.31-3+nmu4ubuntu2.16.04.2) yakkety_gst-plugins-good0.10: DNE zesty_gst-plugins-good0.10: DNE devel_gst-plugins-good0.10: DNE Patches_gst-plugins-good1.0: upstream: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?h=1.10&id=be670f0daf67304fb92c76aa09c30cae0bfd1fe4 upstream_gst-plugins-good1.0: released (1.10.1-2) precise_gst-plugins-good1.0: DNE precise/esm_gst-plugins-good1.0: DNE trusty_gst-plugins-good1.0: released (1.2.4-1~ubuntu1.3) trusty/esm_gst-plugins-good1.0: DNE (trusty was released [1.2.4-1~ubuntu1.3]) vivid/stable-phone-overlay_gst-plugins-good1.0: ignored (reached end-of-life) vivid/ubuntu-core_gst-plugins-good1.0: DNE xenial_gst-plugins-good1.0: released (1.8.2-1ubuntu0.3) esm-infra/xenial_gst-plugins-good1.0: released (1.8.2-1ubuntu0.3) yakkety_gst-plugins-good1.0: released (1.8.3-1ubuntu1.2) zesty_gst-plugins-good1.0: released (1.10.2-1ubuntu1) devel_gst-plugins-good1.0: released (1.10.2-1ubuntu1)