GStreamer Bad Plug-ins CVE-2016-9812 Denial of Service Vulnerability

GStreamer Bad Plug-ins is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause a denial-of-service condition.

Information

Bugtraq ID: 95160
Class: Boundary Condition Error
CVE: CVE-2016-9812

Remote: Yes
Local: No
Published: Nov 24 2016 12:00AM
Updated: May 26 2017 09:00AM
Credit: Hanno Böck.
Vulnerable: SuSE Linux Enterprise Software Development Kit 12 SP1
SuSE Linux Enterprise Server for Raspberry Pi 12-SP2
SuSE Linux Enterprise Server 12-SP2
SuSE Linux Enterprise Server 12-SP1
SuSE Linux Enterprise Desktop 12-SP2
SuSE Linux Enterprise Desktop 12-SP1
Redhat Enterprise Linux 7
GStreamer GStreamer Bad Plug-ins 0
Gentoo Linux

Not Vulnerable:

Exploit

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

References:

• Gstreamer Bad Plug-ins Homepage (GStreamer)
  
• mpegtssection: Add more section size checks (Gstreamer)
  
• Bug 1401930 gstreamer1-plugins-bad-free: Out-of-bounds read (Redhat)
  
• Bug 775048 - mpegts decoder: Out of bounds read in gst_mpegts_section_new (Gnome)
  

Source: www.securityfocus.com