CVE-2016-9808

Published: 1/13/2017 Last updated: 8/6/2024 Reserved: 12/4/2016

The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (2)

conf-gstreamer gstreamer

Products affected (1)

Product	Vendor	Version
n/a	n/a	all ansible_tower versions 3.6.x before 3.6.2

References (18)

https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-incorrect-fix-for-gstreamer.html
http://rhn.redhat.com/errata/RHSA-2017-0019.html
http://rhn.redhat.com/errata/RHSA-2016-2975.html
http://rhn.redhat.com/errata/RHSA-2017-0020.html
http://www.securityfocus.com/bid/95446
https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
http://www.openwall.com/lists/oss-security/2016/12/05/8
https://security.gentoo.org/glsa/201705-10
http://www.openwall.com/lists/oss-security/2016/12/01/2
https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-incorrect-fix-for-gstreamer.html
http://rhn.redhat.com/errata/RHSA-2017-0019.html
http://rhn.redhat.com/errata/RHSA-2016-2975.html
http://rhn.redhat.com/errata/RHSA-2017-0020.html
http://www.securityfocus.com/bid/95446
https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
http://www.openwall.com/lists/oss-security/2016/12/05/8
https://security.gentoo.org/glsa/201705-10
http://www.openwall.com/lists/oss-security/2016/12/01/2