PublicDateAtUSN: 2017-01-13
Candidate: CVE-2016-9811
PublicDate: 2017-01-13 16:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9811
 http://www.openwall.com/lists/oss-security/2016/12/01/2
 https://ubuntu.com/security/notices/USN-3244-1
Description:
 The windows_icon_typefind function in gst-plugins-base in GStreamer before
 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to
 cause a denial of service (out-of-bounds read) via a crafted ico file.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.gnome.org/show_bug.cgi?id=774902
Priority: low
Discovered-by: Hanno Böck
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H [4.7 MEDIUM]
 nvd: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H [4.7 MEDIUM]

Patches_gst-plugins-base0.10:
upstream_gst-plugins-base0.10: needs-triage
precise_gst-plugins-base0.10: released (0.10.36-1ubuntu0.2)
precise/esm_gst-plugins-base0.10: DNE (precise was released [0.10.36-1ubuntu0.2])
trusty_gst-plugins-base0.10: released (0.10.36-1.1ubuntu2.1)
trusty/esm_gst-plugins-base0.10: DNE (trusty was released [0.10.36-1.1ubuntu2.1])
vivid/stable-phone-overlay_gst-plugins-base0.10: ignored (reached end-of-life)
vivid/ubuntu-core_gst-plugins-base0.10: DNE
xenial_gst-plugins-base0.10: released (0.10.36-2ubuntu0.1)
yakkety_gst-plugins-base0.10: DNE
zesty_gst-plugins-base0.10: DNE
devel_gst-plugins-base0.10: DNE

Patches_gst-plugins-base1.0:
 upstream: https://github.com/GStreamer/gst-plugins-base/commit/2fdccfd64fc609e44e9c4b8eed5bfdc0ab9c9095
upstream_gst-plugins-base1.0: released (1.10.2-1)
precise_gst-plugins-base1.0: DNE
precise/esm_gst-plugins-base1.0: DNE
trusty_gst-plugins-base1.0: released (1.2.4-1~ubuntu2.1)
trusty/esm_gst-plugins-base1.0: DNE (trusty was released [1.2.4-1~ubuntu2.1])
vivid/stable-phone-overlay_gst-plugins-base1.0: ignored (reached end-of-life)
vivid/ubuntu-core_gst-plugins-base1.0: DNE
xenial_gst-plugins-base1.0: released (1.8.3-1ubuntu0.2)
esm-infra/xenial_gst-plugins-base1.0: released (1.8.3-1ubuntu0.2)
yakkety_gst-plugins-base1.0: released (1.8.3-1ubuntu1.1)
zesty_gst-plugins-base1.0: not-affected (1.10.2-1ubuntu1)
devel_gst-plugins-base1.0: not-affected (1.10.2-1ubuntu1)