{"id":"USN-3135-2","summary":"gst-plugins-good0.10, gst-plugins-good1.0 vulnerability","details":"USN-3135-1 fixed a vulnerability in GStreamer Good Plugins. The original\nsecurity fix was incomplete. This update fixes the problem.\n\nOriginal advisory details:\n\n Chris Evans discovered that GStreamer Good Plugins did not correctly handle\n malformed FLC movie files. If a user were tricked into opening a crafted\n FLC movie file with a GStreamer application, an attacker could cause a\n denial of service via application crash, or execute arbitrary code with the\n privileges of the user invoking the program.\n","modified":"2026-04-22T09:30:22.089309Z","published":"2016-11-28T13:21:46Z","references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3135-2"},{"type":"REPORT","url":"https://launchpad.net/bugs/1643901"}],"affected":[{"package":{"name":"gst-plugins-good0.10","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/gst-plugins-good0.10@0.10.31-3+nmu1ubuntu5.2?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.10.31-3+nmu1ubuntu5.2"}]}],"versions":["0.10.31-3+nmu1ubuntu3","0.10.31-3+nmu1ubuntu4","0.10.31-3+nmu1ubuntu5","0.10.31-3+nmu1ubuntu5.1"],"ecosystem_specific":{"binaries":[{"binary_name":"gstreamer0.10-gconf","binary_version":"0.10.31-3+nmu1ubuntu5.2"},{"binary_name":"gstreamer0.10-plugins-good","binary_version":"0.10.31-3+nmu1ubuntu5.2"},{"binary_name":"gstreamer0.10-pulseaudio","binary_version":"0.10.31-3+nmu1ubuntu5.2"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3135-2.json"}},{"package":{"name":"gst-plugins-good1.0","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/gst-plugins-good1.0@1.2.4-1~ubuntu1.3?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.4-1~ubuntu1.3"}]}],"versions":["1.2.0-1ubuntu1","1.2.1-1ubuntu1","1.2.1-1ubuntu2","1.2.2-1ubuntu1","1.2.3-1ubuntu1","1.2.3-1ubuntu2","1.2.4-1~ubuntu1","1.2.4-1~ubuntu1.1"],"ecosystem_specific":{"binaries":[{"binary_name":"gstreamer1.0-plugins-good","binary_version":"1.2.4-1~ubuntu1.3"},{"binary_name":"gstreamer1.0-pulseaudio","binary_version":"1.2.4-1~ubuntu1.3"},{"binary_name":"libgstreamer-plugins-good1.0-0","binary_version":"1.2.4-1~ubuntu1.3"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3135-2.json"}},{"package":{"name":"gst-plugins-good1.0","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/gst-plugins-good1.0@1.8.2-1ubuntu0.3?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.2-1ubuntu0.3"}]}],"versions":["1.6.0-1ubuntu1","1.6.1-1ubuntu1","1.6.2-1ubuntu1","1.7.1-1ubuntu1","1.7.2-1ubuntu1","1.7.90-1ubuntu1","1.7.91-1ubuntu1","1.8.0-1ubuntu1","1.8.1-1ubuntu0.1","1.8.2-1ubuntu0.1","1.8.2-1ubuntu0.2"],"ecosystem_specific":{"binaries":[{"binary_name":"gstreamer1.0-plugins-good","binary_version":"1.8.2-1ubuntu0.3"},{"binary_name":"gstreamer1.0-pulseaudio","binary_version":"1.8.2-1ubuntu0.3"},{"binary_name":"libgstreamer-plugins-good1.0-0","binary_version":"1.8.2-1ubuntu0.3"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3135-2.json"}}],"schema_version":"1.7.5"}