PublicDateAtUSN: 2017-02-09
Candidate: CVE-2017-5845
PublicDate: 2017-02-09 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5845
 http://www.openwall.com/lists/oss-security/2017/02/01/7
 https://ubuntu.com/security/notices/USN-3245-1
Description:
 The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in
 gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to
 cause a denial of service (invalid memory read and crash) via a ncdt
 sub-tag that "goes behind" the surrounding tag.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.gnome.org/show_bug.cgi?id=777532
Priority: low
Discovered-by: Hanno Böck
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_gst-plugins-good0.10:
upstream_gst-plugins-good0.10: needed
precise_gst-plugins-good0.10: not-affected (code not present)
precise/esm_gst-plugins-good0.10: DNE (precise was not-affected [code not present])
trusty_gst-plugins-good0.10: not-affected (code not present)
trusty/esm_gst-plugins-good0.10: DNE (trusty was not-affected [code not present])
vivid/stable-phone-overlay_gst-plugins-good0.10: not-affected (code not present)
vivid/ubuntu-core_gst-plugins-good0.10: DNE
xenial_gst-plugins-good0.10: not-affected (code not present)
yakkety_gst-plugins-good0.10: DNE
zesty_gst-plugins-good0.10: DNE
devel_gst-plugins-good0.10: DNE

Patches_gst-plugins-good1.0:
 upstream: https://github.com/GStreamer/gst-plugins-good/commit/4f478357ae21efd299735f678889a60ea8291d88
upstream_gst-plugins-good1.0: released (1.10.3-1)
precise_gst-plugins-good1.0: DNE
precise/esm_gst-plugins-good1.0: DNE
trusty_gst-plugins-good1.0: not-affected (code not present)
trusty/esm_gst-plugins-good1.0: DNE (trusty was not-affected [code not present])
vivid/stable-phone-overlay_gst-plugins-good1.0: ignored (reached end-of-life)
vivid/ubuntu-core_gst-plugins-good1.0: DNE
xenial_gst-plugins-good1.0: released (1.8.3-1ubuntu0.4)
esm-infra/xenial_gst-plugins-good1.0: released (1.8.3-1ubuntu0.4)
yakkety_gst-plugins-good1.0: released (1.8.3-1ubuntu1.3)
zesty_gst-plugins-good1.0: not-affected (1.10.3-1ubuntu1)
devel_gst-plugins-good1.0: not-affected (1.10.3-1ubuntu1)