Chris Evans discovered a vulnerability in the decoder for the FLIC file format which is part of media-libs/gst-plugins-good. It's described on a private blog ( https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.htmld ); no CVE has been assigned yet but one is requested ( http://seclists.org/oss-sec/2016/q4/491 ).

I checked the portage tree and the vulnerable code seems to be present in all versions of gst-plugins-good which are available in Gentoo, from gst-plugins-good-0.10.31-r1 to gst-plugins-good-1.8.3.

The lack of bounds checking happens in the function flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest) {} in gst-plugins-good-*/gst/flx/gstflxdec.c

There is a commit fixing the issue upstream: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bf43f44fcfada5ec4a3ce60cb374340486fe9fac
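For readers who want to see what "lack of bounds checking" means for this chunk type, here is an added example (not code from gst-plugins-good, the upstream commit, or this bug's reporter) of a delta-FLI (FLI_LC) chunk decoder that validates every read against the chunk length and every write against the frame dimensions. The chunk layout (16-bit start line and line count, then per line a packet count and per packet a column skip and a signed count: positive means literal bytes, negative means a repeated byte) follows the public FLIC format description; the function and constant names and the sample chunks are hypothetical and constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical frame size for the example (not a gst-plugins-good constant). */
#define FRAME_W 8
#define FRAME_H 4

/* Checked decoder for an FLI_LC ("delta FLI") chunk body. Illustrative code,
 * not the gstflxdec.c implementation. Returns true on success, false as soon
 * as the chunk would read past `data` or write outside the frame buffer. */
static bool fli_lc_decode_checked(const uint8_t *data, size_t len,
                                  uint8_t *dest, size_t dest_len,
                                  size_t width, size_t height)
{
    if (len < 4 || dest_len < width * height)
        return false;
    size_t start_line = data[0] | (data[1] << 8);   /* lines to skip */
    size_t lines      = data[2] | (data[3] << 8);   /* lines encoded */
    size_t pos = 4;

    /* Check 1: the encoded line range must lie inside the frame. */
    if (start_line > height || lines > height - start_line)
        return false;

    for (size_t l = 0; l < lines; l++) {
        if (pos >= len) return false;               /* packet count byte present? */
        unsigned packets = data[pos++];
        size_t row = (start_line + l) * width;
        size_t col = 0;
        while (packets--) {
            if (pos + 2 > len) return false;        /* skip + count bytes present? */
            unsigned skip = data[pos++];
            int8_t count = (int8_t)data[pos++];

            /* Check 2: column skip must stay inside the row. */
            if (skip > width - col) return false;
            col += skip;

            if (count > 0) {
                size_t n = (size_t)count;
                /* Check 3: literal run must fit in both input and the row. */
                if (n > width - col || pos + n > len) return false;
                memcpy(dest + row + col, data + pos, n);
                pos += n;
                col += n;
            } else if (count < 0) {
                size_t n = (size_t)(-count);
                /* Check 4: repeat run must fit in the row, one input byte needed. */
                if (n > width - col || pos >= len) return false;
                memset(dest + row + col, data[pos], n);
                pos++;
                col += n;
            }
        }
    }
    return true;
}

/* Constructed well-formed chunk: skip 1 line, encode 1 line with 2 packets:
 * packet A: skip 2 columns, 3 literal bytes AA BB CC (columns 2..4)
 * packet B: skip 1 column, run of 2 bytes EE          (columns 6..7) */
static const uint8_t good_chunk[] = {
    0x01, 0x00, 0x01, 0x00,
    0x02,
    0x02, 0x03, 0xAA, 0xBB, 0xCC,
    0x01, 0xFE, 0xEE
};

/* Constructed malicious variants of the same chunk. */
static const uint8_t run_overflows_row[] = {   /* run of 3 where only 2 columns remain */
    0x01, 0x00, 0x01, 0x00, 0x02,
    0x02, 0x03, 0xAA, 0xBB, 0xCC,
    0x01, 0xFD, 0xEE
};
static const uint8_t lines_overflow_frame[] = { /* start at line 3, claim 2 lines of a 4-line frame */
    0x03, 0x00, 0x02, 0x00, 0x00, 0x00
};
static const uint8_t truncated_literal[] = {    /* literal count 3, only 1 byte follows */
    0x00, 0x00, 0x01, 0x00, 0x01,
    0x00, 0x03, 0xAA
};

static bool demo_good_chunk(void)
{
    uint8_t fb[FRAME_W * FRAME_H];
    memset(fb, 0, sizeof fb);
    if (!fli_lc_decode_checked(good_chunk, sizeof good_chunk, fb, sizeof fb, FRAME_W, FRAME_H))
        return false;
    /* Row 1 starts at offset 8: AA BB CC at 10..12, EE EE at 14..15, rest untouched. */
    return fb[9] == 0 && fb[10] == 0xAA && fb[11] == 0xBB && fb[12] == 0xCC &&
           fb[13] == 0 && fb[14] == 0xEE && fb[15] == 0xEE && fb[16] == 0;
}

static bool demo_rejected(const uint8_t *chunk, size_t len)
{
    uint8_t fb[FRAME_W * FRAME_H];
    memset(fb, 0, sizeof fb);
    return !fli_lc_decode_checked(chunk, len, fb, sizeof fb, FRAME_W, FRAME_H);
}

int main(void)
{
    printf("good chunk decoded: %s\n", demo_good_chunk() ? "yes" : "no");
    printf("row overflow rejected: %s\n", demo_rejected(run_overflows_row, sizeof run_overflows_row) ? "yes" : "no");
    printf("line overflow rejected: %s\n", demo_rejected(lines_overflow_frame, sizeof lines_overflow_frame) ? "yes" : "no");
    printf("truncated literal rejected: %s\n", demo_rejected(truncated_literal, sizeof truncated_literal) ? "yes" : "no");
    return 0;
}
```

The point of the example is that each of the four checks guards a distinct field of attacker-controlled data (line range, column skip, literal length, run length); a decoder that trusts any one of them writes past the frame buffer on a crafted file.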
CVEs have been assigned http://seclists.org/oss-sec/2016/q4/517
The fix was incomplete, see https://scarybeastsecurity.blogspot.dk/2016/11/0day-poc-incorrect-fix-for-gstreamer.html Merging this bug with bug 601354. *** This bug has been marked as a duplicate of bug 601354 ***