CVE-2016-9446 – gstreamer-plugins-bad-free: Missing initialization of allocated heap memory leads to information leak
https://notcve.org/view.php?id=CVE-2016-9446
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas. El decodificador vmnc en el gstreamer no inicializa el lienzo de renderizado, lo que permite a permite a atacantes remotos obtener información sensible como se demuestra mediante la miniatura de una simple película vmnc de un frame que no dibuja el lienzo de renderizado asignado. • http://www.openwall.com/lists/oss-security/2016/11/18/12 http://www.openwall.com/lists/oss-security/2016/11/18/13 http://www.securityfocus.com/bid/94423 https://access.redhat.com/errata/RHSA-2017:2060 https://bugzilla.gnome.org/show_bug.cgi?id=774533 https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/gst/vmnc/vmncdec.c?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM7IXFGHV66KNWGWG6ZBDNKXD2UJL2VQ http • CWE-456: Missing Initialization of a Variable CWE-665: Improper Initialization •
CVE-2016-9445 – gstreamer-plugins-bad-free: Integer overflow when allocating render buffer in VMnc decoder
https://notcve.org/view.php?id=CVE-2016-9445
Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow. Desbordamiento de entero en el decodificador vmnc en el gstreamer permite a atacantes remotos provocar una denegación de servicio (caída) a través de valores de anchura y altura grandes, lo que desencadena un desbordamiento de búfer. An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. • http://rhn.redhat.com/errata/RHSA-2016-2974.html http://rhn.redhat.com/errata/RHSA-2017-0018.html http://rhn.redhat.com/errata/RHSA-2017-0021.html http://www.openwall.com/lists/oss-security/2016/11/18/12 http://www.openwall.com/lists/oss-security/2016/11/18/13 http://www.securityfocus.com/bid/94421 https://bugzilla.gnome.org/show_bug.cgi?id=774533 https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/gst/vmnc/vmncdec.c?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe ht • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVE-2016-9447 – gstreamer-plugins-bad-free: Memory corruption flaw in NSF decoder
https://notcve.org/view.php?id=CVE-2016-9447
The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file. Los mapeos ROM en el decodificador NSF en gstreamer 0.10.x permiten a atacantes remotos provocar una denegación de servicio (lectura o escritura fuera de límites) y posiblemente ejecutar código arbitrario a través de un archivo de música NSF manipulado. A memory corruption flaw was found in GStreamer's Nintendo NSF music file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. • http://rhn.redhat.com/errata/RHSA-2016-2974.html http://rhn.redhat.com/errata/RHSA-2017-0018.html http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html http://www.openwall.com/lists/oss-security/2016/11/18/12 http://www.openwall.com/lists/oss-security/2016/11/18/13 http://www.securityfocus.com/bid/94427 https://security.gentoo.org/glsa/201705-10 https://access.redhat.com/security/cve/CVE-2016-9447 https://bugzilla.redhat.com/show& • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVE-2015-0797 – Mozilla: Buffer overflow parsing H.264 video with Linux Gstreamer (MFSA 2015-47)
https://notcve.org/view.php?id=CVE-2015-0797
GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file. GStreamer anterior a 1.4.5, utilizado en Mozilla Firefox anterior a 38.0, Firefox ESR 31.x anterior a 31.7, y Thunderbird anterior a 31.7 en Linux, permite a atacantes remotos causar una denegación de servicio (sobrelectura de buffer y caída de aplicación) o posiblemente ejecutar código arbitrario a través de datos de vídeo H.264 manipulados en un fichero m4v. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html http://rhn.redhat.com/errata/RHSA-2015-0988.html http://rhn.redhat.com/errata/RHSA-2015-1012.html http://www.debian.org/security/2015/dsa-3225 http://www.debian.org/security/2015/dsa-3260 http://www.debian.org/security/2015/dsa-3264 http://www.mozilla. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-0586 – gstreamer-plugins-base: integer overflow in gst_vorbis_tag_add_coverart()
https://notcve.org/view.php?id=CVE-2009-0586
Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow. Un desbordamiento de enteros en la función gst_vorbis_tag_add_coverart (archivo gst-libs/gst/tag/gstvorbistag.c) en vorbistag en gst-plugins-base (se conoce como gstreamer-plugins-base) anterior a versión 0.10.23 en GStreamer, permite a los atacantes dependiendo del contexto ejecutar código arbitrario por medio de una etiqueta COVERART diseñada que es convertida desde una representación base64, lo que desencadena un desbordamiento de búfer en la región heap de la memoria. • http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff http://openwall.com/lists/oss-security/2009/03/12/2 http://secunia.com/advisories/34335 http://secunia.com/advisories/34350 http://secunia.com/advisories/35777 http://security.gentoo.org/glsa/glsa-200907-11.xml http://www.mandriva.com/se • CWE-190: Integer Overflow or Wraparound •