GStreamer Bad Plug-ins CVE-2016-9813 NULL pointer Dereference Remote Denial of Service Vulnerability

GStreamer Bad Plug-ins is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause a denial-of-service condition.

Information

Bugtraq ID: 95158
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2016-9813

Remote: Yes
Local: No
Published: Nov 25 2016 12:00AM
Updated: Jun 12 2017 06:02PM
Credit: Hanno Böck
Vulnerable: SuSE Linux Enterprise Software Development Kit 12 SP1
SuSE Linux Enterprise Server for Raspberry Pi 12-SP2
SuSE Linux Enterprise Server 12-SP2
SuSE Linux Enterprise Server 12-SP1
SuSE Linux Enterprise Desktop 12-SP2
SuSE Linux Enterprise Desktop 12-SP1
Redhat Enterprise Linux Workstation Optional 7
Redhat Enterprise Linux Workstation 7
Redhat Enterprise Linux Server TUS 7.3
Redhat Enterprise Linux Server Optional 7
Redhat Enterprise Linux Server 7
Redhat Enterprise Linux HPC Node 7
Redhat Enterprise Linux Desktop 7
Redhat Enterprise Linux ComputeNode Optional 7
Oracle Linux 7
GStreamer GStreamer Bad Plug-ins 0
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 ia-30
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
CentOS CentOS 7

Not Vulnerable:

Exploit

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

References:

• mpegtssection: Fix PAT parsing (GStreamer)
  
• Bug 775120 - mpegts parser: null pointer deref in _parse_pat (Gnome)
  
• Gstreamer Bad Plug-ins Homepage (GStreamer)
  
• Bug 1401934 - (CVE-2016-9813) CVE-2016-9813 gstreamer-plugins-bad-free: NULL po (bugzilla)
  

Source: www.securityfocus.com