Main Vulnerability Database SB2017042817

SB2017042817 - Out-of-bounds write in gst-plugins-base1 (Alpine package)

Published: April 28, 2017

Security Bulletin ID SB2017042817

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Out-of-bounds write (CVE-ID: CVE-2017-5842)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=6ab23d65ce6f9c882e4efe3db6202a2b3ec58343
https://git.alpinelinux.org/aports/commit/?id=8901f4a1a9cb2e4c61387c538b5ceb2be48cebf1