{"id":"MGASA-2017-0348","summary":"Updated gstreamer0.10-plugins-good and gstreamer1.0-plugins-good packages fix security vulnerabilities","details":"A crafted AAC audio file could have caused an invalid read and thus\ncorruption or denial of service (CVE-2016-10198).\n\nA crafted mp4 file could have caused an invalid read and thus corruption\nor denial of service (CVE-2016-10199).\n\nA crafted AVI file could have caused an invalid read and thus corruption\nor denial of service (CVE-2017-5840).\n\nA crafted AVI file with metadata tag entries (ncdt) could have caused\ninvalid read access and thus corruption or denial of service\n(CVE-2017-5841).\n\nA crafted AVI file could have caused an invalid read access resulting in\ndenial of service (CVE-2017-5845).\n\nNote that GStreamer 0.10 was only affected by CVE-2016-10198 and\nCVE-2017-5840.\n","modified":"2026-04-16T06:23:36.681370591Z","published":"2017-09-21T13:43:32Z","upstream":["CVE-2016-10198","CVE-2016-10199","CVE-2017-5840","CVE-2017-5841","CVE-2017-5845"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0348.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20237"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2017/02/02/9"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2017-04/msg00073.html"},{"type":"WEB","url":"https://lwn.net/Alerts/714997/"}],"affected":[{"package":{"name":"gstreamer0.10-plugins-good","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/gstreamer0.10-plugins-good?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.10.31-9.2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0348.json"}},{"package":{"name":"gstreamer1.0-plugins-good","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/gstreamer1.0-plugins-good?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.3-2.2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0348.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}