Alpine: gst-plugins-bad1: security update to 1.8.3-r0

Critical | Tenable Cloud Security Plugin ID 404833

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x
before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands
via crafted search parameters. (CVE-2016-5843)

- Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote
attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.
(CVE-2016-9809)

- The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote
attackers to cause a denial of service (out-of-bounds read) via a too small section. (CVE-2016-9812)

- The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a
denial of service (NULL pointer dereference and crash) via a crafted file. (CVE-2016-9813)

See Also

https://security.alpinelinux.org/vuln/CVE-2016-5843

https://security.alpinelinux.org/vuln/CVE-2016-9809

https://security.alpinelinux.org/vuln/CVE-2016-9812

https://security.alpinelinux.org/vuln/CVE-2016-9813

Plugin Details

Severity: Critical

ID: 404833

Version: Revision 1.26

Type: Local

Published: 10/31/2023

Updated: 5/8/2025

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:P

CVSS Score Source: CVE-2016-5843

CVSS v3

Risk Factor: Critical

Base Score: 9.4

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 9/16/2016

Reference Information

CVE: CVE-2016-5843, CVE-2016-9809, CVE-2016-9812, CVE-2016-9813

BID: 93019, 95147, 95158, 95160