GStreamer Bad Plug-ins CVE-2016-9809 Denial of Service Vulnerability

GStreamer Bad Plug-ins is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause a denial-of-service condition.

Information

Bugtraq ID: 95147
Class: Boundary Condition Error
CVE: CVE-2016-9809

Remote: Yes
Local: No
Published: Dec 01 2016 12:00AM
Updated: May 26 2017 09:00AM
Credit: Hanno Böck.
Vulnerable: SuSE Linux Enterprise Software Development Kit 12 SP1
SuSE Linux Enterprise Server for Raspberry Pi 12-SP2
SuSE Linux Enterprise Server 12-SP2
SuSE Linux Enterprise Server 12-SP1
SuSE Linux Enterprise Desktop 12-SP2
SuSE Linux Enterprise Desktop 12-SP1
Redhat Enterprise Linux 7
GStreamer GStreamer Bad Plug-ins 0
Gentoo Linux

Not Vulnerable:

Exploit

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

References:

• Gstreamer Bad Plug-ins Homepage (GStreamer)
  
• h264parse: Ensure codec_data has the required size when reading number of SPS (Gstreamer)
  
• Bug 1401880 gstreamer-plugins-bad-free: Off-by-one read in gst_h264_parse_set_ca (Redhat)
  

Source: www.securityfocus.com