The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing.

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-2060 advisory.

  - The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer     before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a     crafted audio file. (CVE-2016-10198)

  - The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before     1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid     file, which triggers an incorrect unref call. (CVE-2016-9810)

  - The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to     always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico     file. (CVE-2016-9811)

  - The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before     1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors     involving ncdt tags. (CVE-2017-5841)

  - The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer     before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI     file, as demonstrated by OneNote_Manager.smi. (CVE-2017-5842)

  - Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3)     gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a     denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf.
    (CVE-2017-5843)

  - The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows     remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM     parsing. (CVE-2017-5848)

  - The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before     1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted     tag value. (CVE-2016-10199)

  - The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to     obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not     draw to the allocated render canvas. (CVE-2016-9446)

  - The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer     before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash)     via a crafted video file. (CVE-2017-5837)

  - The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows     remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string.
    (CVE-2017-5838)

  - The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer     before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of     service (stack overflow and crash) via vectors involving nested WAVEFORMATEX. (CVE-2017-5839)

  - The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3     allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the     current stts index. (CVE-2017-5840)

  - The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer     before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash)     via a crafted ASF file. (CVE-2017-5844)

  - The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before     1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt     sub-tag that goes behind the surrounding tag. (CVE-2017-5845)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Several issues have been found in gst-plugins-bad0.10, a package containing GStreamer plugins from the 'bad' set.

All issues are about use-after-free, out of bounds reads or buffer overflow in different modules.

For Debian 8 'Jessie', these problems have been fixed in version 0.10.23-7.4+deb8u3.

We recommend that you upgrade your gst-plugins-bad0.10 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the gstreamer packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Multiple flaws were found in gstreamer1,     gstreamer1-plugins-base, gstreamer1-plugins-good, and     gstreamer1-plugins-bad-free packages. An attacker could     potentially use these flaws to crash applications which     use the GStreamer framework. (CVE-2016-9446,     CVE-2016-9810, CVE-2016-9811, CVE-2016-10198,     CVE-2016-10199, CVE-2017-5837, CVE-2017-5838,     CVE-2017-5839, CVE-2017-5840, CVE-2017-5841,     CVE-2017-5842, CVE-2017-5843, CVE-2017-5844,     CVE-2017-5845, CVE-2017-5848)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

GStreamer is a streaming media framework based on graphs of filters which operate on media data.

The following packages have been upgraded to a later upstream version:
clutter-gst2 (2.0.18), gnome-video-effects (0.4.3), gstreamer1 (1.10.4), gstreamer1-plugins-bad-free (1.10.4), gstreamer1-plugins-base (1.10.4), gstreamer1-plugins-good (1.10.4), orc (0.4.26).

Security Fix(es) :

* Multiple flaws were found in gstreamer1, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-bad-free packages. An attacker could potentially use these flaws to crash applications which use the GStreamer framework. (CVE-2016-9446, CVE-2016-9810, CVE-2016-9811, CVE-2016-10198, CVE-2016-10199, CVE-2017-5837, CVE-2017-5838, CVE-2017-5839, CVE-2017-5840, CVE-2017-5841, CVE-2017-5842, CVE-2017-5843, CVE-2017-5844, CVE-2017-5845, CVE-2017-5848)

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

The following packages have been upgraded to a later upstream version:
clutter-gst2 (2.0.18), gnome-video-effects (0.4.3), gstreamer1 (1.10.4), gstreamer1-plugins-bad-free (1.10.4), gstreamer1-plugins-base (1.10.4), gstreamer1-plugins-good (1.10.4), orc (0.4.26).

Security Fix(es) :

  - Multiple flaws were found in gstreamer1,     gstreamer1-plugins-base, gstreamer1-plugins-good, and     gstreamer1-plugins-bad-free packages. An attacker could     potentially use these flaws to crash applications which     use the GStreamer framework. (CVE-2016-9446,     CVE-2016-9810, CVE-2016-9811, CVE-2016-10198,     CVE-2016-10199, CVE-2017-5837, CVE-2017-5838,     CVE-2017-5839, CVE-2017-5840, CVE-2017-5841,     CVE-2017-5842, CVE-2017-5843, CVE-2017-5844,     CVE-2017-5845, CVE-2017-5848)

The remote host is affected by the vulnerability described in GLSA-201705-10 (GStreamer plug-ins: User-assisted execution of arbitrary code)

    Multiple vulnerabilities have been discovered in various GStreamer       plug-ins. Please review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user or automated system using a       GStreamer plug-in to process a specially crafted file, resulting in the       execution of arbitrary code or a Denial of Service.
  Workaround :

    There is no known workaround at this time.

This update for gstreamer-plugins-bad fixes the following issues :

Security issues fixed :

  - CVE-2017-5843: set stream tags to NULL after unrefing     (bsc#1024044).

  - CVE-2017-5848: rewrite PSM parsing to add bounds     checking (bsc#1024068).

This update was imported from the SUSE:SLE-12-SP2:Update update project.

This update for gstreamer-plugins-bad fixes the following issues:
Security issues fixed :

  - CVE-2017-5843: set stream tags to NULL after unrefing     (bsc#1024044).

  - CVE-2017-5848: rewrite PSM parsing to add bounds     checking (bsc#1024068).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened.

Security fix for CVE-2017-5848, CVE-2017-5843 - Downgrade to 1.10.3 as it is the latest stable release

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Some memory management issues were found in the GStreamer 'bad' plugins :

CVE-2017-5843

A use after free issue was found in the mxfdemux element, which can can be triggered via a maliciously crafted file.

CVE-2017-5848

The psdemux was vulnerable to several invalid reads, which could be triggered via a maliciously crafted file.

For Debian 7 'Wheezy', these problems have been fixed in version 0.10.23-7.1+deb7u5.

We recommend that you upgrade your gst-plugins-bad0.10 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
180851	Oracle Linux 7 : GStreamer (ELSA-2017-2060)	Nessus	Oracle Linux Local Security Checks	high
135099	Debian DLA-2164-1 : gst-plugins-bad0.10 security update	Nessus	Debian Local Security Checks	high
103064	EulerOS 2.0 SP2 : gstreamer (EulerOS-SA-2017-1206)	Nessus	Huawei Local Security Checks	high
103063	EulerOS 2.0 SP1 : gstreamer (EulerOS-SA-2017-1205)	Nessus	Huawei Local Security Checks	high
102752	CentOS 7 : clutter-gst2 / gnome-video-effects / gstreamer-plugins-bad-free / etcgstreamer1 / etc (CESA-2017:2060)	Nessus	CentOS Local Security Checks	high
102659	Scientific Linux Security Update : GStreamer on SL7.x x86_64 (20170802)	Nessus	Scientific Linux Local Security Checks	high
102150	RHEL 7 : GStreamer (RHSA-2017:2060)	Nessus	Red Hat Local Security Checks	high
100263	GLSA-201705-10 : GStreamer plug-ins: User-assisted execution of arbitrary code	Nessus	Gentoo Local Security Checks	critical
99448	openSUSE Security Update : gstreamer-plugins-bad (openSUSE-2017-479)	Nessus	SuSE Local Security Checks	high
99261	SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-bad (SUSE-SU-2017:0962-1)	Nessus	SuSE Local Security Checks	high
99004	Debian DSA-3818-1 : gst-plugins-bad1.0 - security update	Nessus	Debian Local Security Checks	high
97241	Fedora 25 : mingw-gstreamer1-plugins-bad-free (2017-216f4b9f9d)	Nessus	Fedora Local Security Checks	high
97235	Debian DLA-830-1 : gst-plugins-bad0.10 security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2017-5848

high

Tenable Plugins

high

high

high

high

high

high

high

critical

high

high

high

high

high