ID CVE-2016-9813
Summary The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
References
Vulnerable Configurations
  • cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 05-01-2018 - 02:31)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1401934
title CVE-2016-9813 gstreamer-plugins-bad-free: NULL pointer dereference in mpegts parser
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • comment gstreamer1-plugins-bad-free is earlier than 0:1.4.5-6.el7_3
          oval oval:com.redhat.rhsa:tst:20170021001
        • comment gstreamer1-plugins-bad-free is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20170021002
      • AND
        • comment gstreamer1-plugins-bad-free-devel is earlier than 0:1.4.5-6.el7_3
          oval oval:com.redhat.rhsa:tst:20170021003
        • comment gstreamer1-plugins-bad-free-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20170021004
rhsa
id RHSA-2017:0021
released 2017-01-05
severity Moderate
title RHSA-2017:0021: gstreamer1-plugins-bad-free security update (Moderate)
rpms
  • gstreamer1-plugins-bad-free-0:1.4.5-6.el7_3
  • gstreamer1-plugins-bad-free-debuginfo-0:1.4.5-6.el7_3
  • gstreamer1-plugins-bad-free-devel-0:1.4.5-6.el7_3
refmap via4
bid 95158
confirm
debian DSA-3818
exploit-db 42162
gentoo GLSA-201705-10
mlist
  • [oss-security] 20161201 gstreamer multiple issues
  • [oss-security] 20161204 Re: gstreamer multiple issues
Last major update 05-01-2018 - 02:31
Published 13-01-2017 - 16:59
Last modified 05-01-2018 - 02:31
Back to Top