"During a source code audit, Theori discovered a stack buffer overflow in the h264parse module which is part of gstreamer-plugins-bad 1.x. The vulnerable code path can be triggered when gstreamer parses any attacker-controlled H.264 content. This flaw could lead to remote code execution." 1.16.3 includes the fix.
Thanks for the report, beat me to it. (We use fixed versions within Gentoo in the summary.)
(In reply to Sam James from comment #1)
> Thanks for the report, beat me to it.
>
> (We use fixed versions within Gentoo in the summary.)

Thanks! Doh, I meant to <, not <=. 1.16.3 is indeed fixed.
*** Bug 767187 has been marked as a duplicate of this bug. ***
ppc64 done
x86 done
amd64 done
ppc done
arm64 done
arm done

all arches done
Please cleanup
Package list is empty or all packages have requested keywords.
GLSA request filed
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=f69203b9608d0db5bda6ce4050bf90de5119c0f8

commit f69203b9608d0db5bda6ce4050bf90de5119c0f8
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-14 21:47:49 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-08-14 21:48:21 +0000

    [ GLSA 202208-31 ] GStreamer, GStreamer Plugins: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/765163
    Bug: https://bugs.gentoo.org/766336
    Bug: https://bugs.gentoo.org/785652
    Bug: https://bugs.gentoo.org/785655
    Bug: https://bugs.gentoo.org/785658
    Bug: https://bugs.gentoo.org/785661
    Bug: https://bugs.gentoo.org/835368
    Bug: https://bugs.gentoo.org/843770
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202208-31.xml | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 111 insertions(+)
GLSA done, all done.