PublicDateAtUSN: 2019-04-24
Candidate: CVE-2019-9928
PublicDate: 2019-04-24 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9928
 https://gstreamer.freedesktop.org/security/sa-2019-0001.html
 https://ubuntu.com/security/notices/USN-3958-1
Description:
 GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP
 connection parser via a crafted response from a server, potentially
 allowing remote code execution.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927978
Priority: high
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_gst-plugins-base0.10:
upstream_gst-plugins-base0.10: needs-triage
precise/esm_gst-plugins-base0.10: DNE
trusty_gst-plugins-base0.10: ignored (reached end-of-life)
trusty/esm_gst-plugins-base0.10: DNE (trusty was needs-triage)
xenial_gst-plugins-base0.10: released (0.10.36-2ubuntu0.2)
bionic_gst-plugins-base0.10: DNE
cosmic_gst-plugins-base0.10: DNE
disco_gst-plugins-base0.10: DNE
devel_gst-plugins-base0.10: DNE

Patches_gst-plugins-base1.0:
 upstream: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/commit/f672277509705c4034bc92a141eefee4524d15aa
upstream_gst-plugins-base1.0: released (1.15.90-1,1.16.0)
precise/esm_gst-plugins-base1.0: DNE
trusty_gst-plugins-base1.0: ignored (reached end-of-life)
trusty/esm_gst-plugins-base1.0: DNE (trusty was needs-triage)
xenial_gst-plugins-base1.0: released (1.8.3-1ubuntu0.3)
esm-infra/xenial_gst-plugins-base1.0: released (1.8.3-1ubuntu0.3)
bionic_gst-plugins-base1.0: released (1.14.1-1ubuntu1~ubuntu18.04.2)
cosmic_gst-plugins-base1.0: released (1.14.4-1ubuntu1.1)
disco_gst-plugins-base1.0: not-affected (1.15.90-1)
devel_gst-plugins-base1.0: not-affected (1.15.90-1)