#14776: gstreamer-1.18.4 gst-plugins-base gst-plugins-good gst-plugins-bad gst-plugins-ugly gst-libav gstreamer-vaapi
-------------------------+-----------------------
 Reporter:  renodr       |       Owner:  renodr
     Type:  enhancement  |      Status:  assigned
 Priority:  elevated     |   Milestone:  10.2
Component:  BOOK         |     Version:  SVN
 Severity:  normal       |  Resolution:
 Keywords:               |
-------------------------+-----------------------

Comment (by renodr):

 '''Security Advisory 2021-0003'''

 {{{
 Security Advisory 2021-0003

 Summary            Heap corruption in matroska demuxing
 Date               2021-03-15 16:00
 Affected Versions  GStreamer gst-plugins-good 1.x <= 1.18.3
 ID                 GStreamer-SA-2021-0003

 Details

 GStreamer before 1.18.4 might cause heap corruption when parsing certain
 malformed Matroska files.

 Impact

 It might be possible for a malicious third party to trigger a crash in the
 application, but possibly also an arbitrary code execution with the
 privileges of the target user.

 Threat mitigation

 Workarounds

 Solution

 The gst-plugins-good 1.18.4 release addresses the issue. People using older
 branches of GStreamer should apply the patch and recompile.

 References

 The GStreamer project
     https://gstreamer.freedesktop.org

 GStreamer 1.18.4 release
     Release Notes
     GStreamer Plugins Good 1.18.4

 Patches
     Patch 1
 }}}

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/14776#comment:4>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page