Debian Gst-Plugins-Good1.0 vulnerabilities

CVE-2016-9635 [CRITICAL] CVE-2016-9635: gst-plugins-good1.0 - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstfl... Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer. Scope: local bookworm: resolved (fixed in 1.10.1-2) bull

CVE-2016-9636 [CRITICAL] CVE-2016-9636: gst-plugins-good1.0 - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstfl... Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer. Scope: local bookworm: resolved (fixed in 1.10.1-2)

CVE-2016-9634 [CRITICAL] CVE-2016-9634: gst-plugins-good1.0 - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstfl... Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter. Scope: local bookworm: resolved (fixed in 1.10.1-2) bullseye: resolved (fixed in 1.10.1-2)

CVE-2016-9808 [HIGH] CVE-2016-9808: gst-plugins-good1.0 - The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a d... The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs. Scope: local bookworm: resolved (fixed in 1.10.1-2) bullseye: resolved (fixed in 1.10.1-2) forky: resolved (fixed in 1.10.1-2) sid: resolved (fixed in 1.10.1-2) trixie: resolved (fixe

CVE-2016-9810 [MEDIUM] CVE-2016-9810: gst-plugins-good1.0 - The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins... The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call. Scope: local bookworm: resolved (fixed in 1.10.1-2) bullseye: resolved (fixed in 1.10.1-2) forky:

CVE-2016-9807 [MEDIUM] CVE-2016-9807: gst-plugins-good1.0 - The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2... The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file. Scope: local bookworm: resolved (fixed in 1.10.1-2) bullseye: resolved (fixed in 1.10.1-2) forky: resolved (fixed in 1.10.1-2) sid: resolved (fixed in 1.10.1-2) trix

CVE-2016-10199 [HIGH] CVE-2016-10199: gst-plugins-good1.0 - The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-goo... The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value. Scope: local bookworm: resolved (fixed in 1.10.3-1) bullseye: resolved (fixed in 1.10.3-1) forky: resolved (fixed in 1.10.3-1) sid: resolv

CVE-2016-10198 [MEDIUM] CVE-2016-10198: gst-plugins-good1.0 - The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst... The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file. Scope: local bookworm: resolved (fixed in 1.10.3-1) bullseye: resolved (fixed in 1.10.3-1) forky: resolved (fixed in 1.10.