#VU32118 Buffer overflow in gst-plugins-bad1


| Updated: 2020-07-28

Vulnerability identifier: #VU32118

Vulnerability risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-9635

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
gst-plugins-bad1
Other software / Other software solutions

Vendor: GStreamer

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.

Mitigation
Install update from vendor's website.

Vulnerable software versions

gst-plugins-bad1: 1.0.2 - 1.10.4

External links
http://rhn.redhat.com/errata/RHSA-2016-2975.html
http://rhn.redhat.com/errata/RHSA-2017-0019.html
http://rhn.redhat.com/errata/RHSA-2017-0020.html
http://www.debian.org/security/2016/dsa-3723
http://www.debian.org/security/2016/dsa-3724
http://www.openwall.com/lists/oss-security/2016/11/24/2
http://www.securityfocus.com/bid/94499
http://bugzilla.gnome.org/show_bug.cgi?id=774834
http://gstreamer.freedesktop.org/releases/1.10/#1.10.2
http://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html
http://security.gentoo.org/glsa/201705-10

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Buffer overflow in gst-plugins-good (Alpine package)
Buffer overflow in gst-plugins-good1 (Alpine package)
Buffer overflow in GStreamer gst-plugins-bad1