Main Vulnerability Database SB2017042814

SB2017042814 - Out-of-bounds read in gst-plugins-base1 (Alpine package)

Published: April 28, 2017

Security Bulletin ID SB2017042814

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Out-of-bounds read (CVE-ID: CVE-2016-9811)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=6ab23d65ce6f9c882e4efe3db6202a2b3ec58343
https://git.alpinelinux.org/aports/commit/?id=8901f4a1a9cb2e4c61387c538b5ceb2be48cebf1