CVE-2016-9634 – gstreamer-plugins-good: Heap buffer overflow in FLIC decoder
https://notcve.org/view.php?id=CVE-2016-9634
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter. Desbordamiento de búfer basado en memoria dinámica en la función flx_decode_delta_fli en gst/flx/gstflxdec.c en el decoder FLIC en GStreamer en versiones anteriores a 1.10.2 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través del parámetro start_line. Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. • http://rhn.redhat.com/errata/RHSA-2016-2975.html http://rhn.redhat.com/errata/RHSA-2017-0019.html http://rhn.redhat.com/errata/RHSA-2017-0020.html http://www.debian.org/security/2016/dsa-3723 http://www.debian.org/security/2016/dsa-3724 http://www.openwall.com/lists/oss-security/2016/11/24/2 http://www.securityfocus.com/bid/94499 https://bugzilla.gnome.org/show_bug.cgi?id=774834 https://gstreamer.freedesktop.org/releases/1.10/#1.10.2 https://scaryb • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-9635 – gstreamer-plugins-good: Heap buffer overflow in FLIC decoder
https://notcve.org/view.php?id=CVE-2016-9635
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer. Desbordamiento de búfer basado en memoria dinámica en la función flx_decode_delta_fli en gst/flx/gstflxdec.c en el decoder FLIC en GStreamer en versiones anteriores a 1.10.2 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) proporcionando un 'recuento de saltos' que va más allá del búfer inicializado. Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. • http://rhn.redhat.com/errata/RHSA-2016-2975.html http://rhn.redhat.com/errata/RHSA-2017-0019.html http://rhn.redhat.com/errata/RHSA-2017-0020.html http://www.debian.org/security/2016/dsa-3723 http://www.debian.org/security/2016/dsa-3724 http://www.openwall.com/lists/oss-security/2016/11/24/2 http://www.securityfocus.com/bid/94499 https://bugzilla.gnome.org/show_bug.cgi?id=774834 https://gstreamer.freedesktop.org/releases/1.10/#1.10.2 https://scaryb • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •