The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string.
The product reads data past the end, or before the beginning, of the intended buffer.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Gstreamer | Gstreamer_project | * | 1.10.2 (including) |
Red Hat Enterprise Linux 7 | RedHat | clutter-gst2-0:2.0.18-1.el7 | * |
Red Hat Enterprise Linux 7 | RedHat | gnome-video-effects-0:0.4.3-1.el7 | * |
Red Hat Enterprise Linux 7 | RedHat | gstreamer1-0:1.10.4-2.el7 | * |
Red Hat Enterprise Linux 7 | RedHat | gstreamer1-plugins-bad-free-0:1.10.4-2.el7 | * |
Red Hat Enterprise Linux 7 | RedHat | gstreamer1-plugins-base-0:1.10.4-1.el7 | * |
Red Hat Enterprise Linux 7 | RedHat | gstreamer1-plugins-good-0:1.10.4-2.el7 | * |
Red Hat Enterprise Linux 7 | RedHat | gstreamer-plugins-bad-free-0:0.10.23-23.el7 | * |
Red Hat Enterprise Linux 7 | RedHat | gstreamer-plugins-good-0:0.10.31-13.el7 | * |
Red Hat Enterprise Linux 7 | RedHat | orc-0:0.4.26-1.el7 | * |
Gstreamer0.10 | Ubuntu | esm-apps/xenial | * |
Gstreamer0.10 | Ubuntu | precise | * |
Gstreamer0.10 | Ubuntu | trusty | * |
Gstreamer0.10 | Ubuntu | upstream | * |
Gstreamer0.10 | Ubuntu | vivid/stable-phone-overlay | * |
Gstreamer0.10 | Ubuntu | xenial | * |
Gstreamer1.0 | Ubuntu | esm-infra/xenial | * |
Gstreamer1.0 | Ubuntu | trusty | * |
Gstreamer1.0 | Ubuntu | upstream | * |
Gstreamer1.0 | Ubuntu | vivid/stable-phone-overlay | * |
Gstreamer1.0 | Ubuntu | xenial | * |
Gstreamer1.0 | Ubuntu | yakkety | * |