#14776: gstreamer-1.18.4 gst-plugins-base gst-plugins-good gst-plugins-bad gst- plugins-ugly gst-libav gstreamer-vaapi -------------------------+----------------------- Reporter: renodr | Owner: renodr Type: enhancement | Status: assigned Priority: elevated | Milestone: 10.2 Component: BOOK | Version: SVN Severity: normal | Resolution: Keywords: | -------------------------+-----------------------
Comment (by renodr): '''Security Advisory 2021-0004''' {{{ Security Advisory 2021-0004 Summary Out-of-bounds read in realmedia demuxing Date 2021-03-15 16:00 Affected Versions GStreamer gst-plugins-ugly 1.x <= 1.18.3 ID GStreamer-SA-2021-0004 Details GStreamer before 1.18.4 might do an out-of-bounds read when handling certain RealMedia files or streams. Impact It might be possible for a malicious third party to trigger a crash in the application. Threat mitigation Workarounds Solution The gst-plugins-ugly 1.18.4 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile. References The GStreamer project https://gstreamer.freedesktop.org GStreamer 1.18.4 release Release Notes GStreamer Plugins Ugly 1.18.4 Patches Patch 1 }}} -- Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/14776#comment:5> BLFS Trac <http://wiki.linuxfromscratch.org/blfs> Beyond Linux From Scratch -- http://lists.linuxfromscratch.org/listinfo/blfs-book FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page