CVE-2017-5847

Upstream information

CVE-2017-5847 at MITRE

Description

The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors.

---

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores

	National Vulnerability Database
Base Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	Partial

CVSS v3 Scores

	National Vulnerability Database
Base Score	7.5
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Vector	Network
Access Complexity	Low
Privileges Required	None
User Interaction	None
Scope	Unchanged
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	High
CVSSv3 Version	3

SUSE Bugzilla entry: 1023259 [RESOLVED / MOVED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Module for Basesystem 15 SP1	gstreamer >= 1.12.5-1.17 gstreamer-lang >= 1.12.5-1.17 libgstgl-1_0-0 >= 1.12.5-3.3.1 libgstphotography-1_0-0 >= 1.12.5-3.3.1 libgstreamer-1_0-0 >= 1.12.5-1.17
SUSE Linux Enterprise Module for Basesystem 15 SP2	gstreamer >= 1.16.2-1.53 gstreamer-lang >= 1.16.2-1.53 libgstphotography-1_0-0 >= 1.16.2-2.17 libgstreamer-1_0-0 >= 1.16.2-1.53 typelib-1_0-Gst-1_0 >= 1.16.2-1.53
SUSE Linux Enterprise Module for Basesystem 15 SP3	gstreamer >= 1.16.2-1.53 gstreamer-devel >= 1.16.2-1.53 gstreamer-lang >= 1.16.2-1.53 gstreamer-utils >= 1.16.2-1.53 libgstphotography-1_0-0 >= 1.16.2-7.22 libgstreamer-1_0-0 >= 1.16.2-1.53 typelib-1_0-Gst-1_0 >= 1.16.2-1.53
SUSE Linux Enterprise Module for Basesystem 15	gstreamer >= 1.12.5-1.17 gstreamer-lang >= 1.12.5-1.17 libgstgl-1_0-0 >= 1.12.5-1.40 libgstphotography-1_0-0 >= 1.12.5-1.40 libgstreamer-1_0-0 >= 1.12.5-1.17
SUSE Linux Enterprise Module for Desktop Applications 15 SP1	gstreamer-devel >= 1.12.5-1.17 gstreamer-plugins-bad >= 1.12.5-3.3.1 gstreamer-plugins-bad-devel >= 1.12.5-3.3.1 gstreamer-plugins-bad-lang >= 1.12.5-3.3.1 gstreamer-utils >= 1.12.5-1.17 libgstadaptivedemux-1_0-0 >= 1.12.5-3.3.1 libgstbadallocators-1_0-0 >= 1.12.5-3.3.1 libgstbadaudio-1_0-0 >= 1.12.5-3.3.1 libgstbadbase-1_0-0 >= 1.12.5-3.3.1 libgstbadvideo-1_0-0 >= 1.12.5-3.3.1 libgstbasecamerabinsrc-1_0-0 >= 1.12.5-3.3.1 libgstcodecparsers-1_0-0 >= 1.12.5-3.3.1 libgstinsertbin-1_0-0 >= 1.12.5-3.3.1 libgstmpegts-1_0-0 >= 1.12.5-3.3.1 libgstplayer-1_0-0 >= 1.12.5-3.3.1 libgsturidownloader-1_0-0 >= 1.12.5-3.3.1 libgstwayland-1_0-0 >= 1.12.5-3.3.1 typelib-1_0-Gst-1_0 >= 1.12.5-1.17 typelib-1_0-GstBadAllocators-1_0 >= 1.12.5-3.3.1 typelib-1_0-GstGL-1_0 >= 1.12.5-3.3.1 typelib-1_0-GstInsertBin-1_0 >= 1.12.5-3.3.1 typelib-1_0-GstMpegts-1_0 >= 1.12.5-3.3.1 typelib-1_0-GstPlayer-1_0 >= 1.12.5-3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP2	gstreamer-devel >= 1.16.2-1.53 gstreamer-plugins-bad >= 1.16.2-2.17 gstreamer-plugins-bad-chromaprint >= 1.16.2-2.17 gstreamer-plugins-bad-devel >= 1.16.2-2.17 gstreamer-plugins-bad-lang >= 1.16.2-2.17 gstreamer-utils >= 1.16.2-1.53 libgstadaptivedemux-1_0-0 >= 1.16.2-2.17 libgstbadaudio-1_0-0 >= 1.16.2-2.17 libgstbasecamerabinsrc-1_0-0 >= 1.16.2-2.17 libgstcodecparsers-1_0-0 >= 1.16.2-2.17 libgstinsertbin-1_0-0 >= 1.16.2-2.17 libgstisoff-1_0-0 >= 1.16.2-2.17 libgstmpegts-1_0-0 >= 1.16.2-2.17 libgstplayer-1_0-0 >= 1.16.2-2.17 libgstsctp-1_0-0 >= 1.16.2-2.17 libgsturidownloader-1_0-0 >= 1.16.2-2.17 libgstwayland-1_0-0 >= 1.16.2-2.17 libgstwebrtc-1_0-0 >= 1.16.2-2.17 typelib-1_0-GstInsertBin-1_0 >= 1.16.2-2.17 typelib-1_0-GstMpegts-1_0 >= 1.16.2-2.17 typelib-1_0-GstPlayer-1_0 >= 1.16.2-2.17 typelib-1_0-GstWebRTC-1_0 >= 1.16.2-2.17
SUSE Linux Enterprise Module for Desktop Applications 15 SP3	gstreamer-plugins-bad >= 1.16.2-7.22 gstreamer-plugins-bad-chromaprint >= 1.16.2-7.22 gstreamer-plugins-bad-devel >= 1.16.2-7.22 gstreamer-plugins-bad-lang >= 1.16.2-7.22 libgstadaptivedemux-1_0-0 >= 1.16.2-7.22 libgstbadaudio-1_0-0 >= 1.16.2-7.22 libgstbasecamerabinsrc-1_0-0 >= 1.16.2-7.22 libgstcodecparsers-1_0-0 >= 1.16.2-7.22 libgstinsertbin-1_0-0 >= 1.16.2-7.22 libgstisoff-1_0-0 >= 1.16.2-7.22 libgstmpegts-1_0-0 >= 1.16.2-7.22 libgstplayer-1_0-0 >= 1.16.2-7.22 libgstsctp-1_0-0 >= 1.16.2-7.22 libgsturidownloader-1_0-0 >= 1.16.2-7.22 libgstwayland-1_0-0 >= 1.16.2-7.22 libgstwebrtc-1_0-0 >= 1.16.2-7.22 typelib-1_0-GstInsertBin-1_0 >= 1.16.2-7.22 typelib-1_0-GstMpegts-1_0 >= 1.16.2-7.22 typelib-1_0-GstPlayer-1_0 >= 1.16.2-7.22 typelib-1_0-GstWebRTC-1_0 >= 1.16.2-7.22
SUSE Linux Enterprise Module for Desktop Applications 15	gstreamer-devel >= 1.12.5-1.17 gstreamer-plugins-bad >= 1.12.5-1.40 gstreamer-plugins-bad-devel >= 1.12.5-1.40 gstreamer-plugins-bad-lang >= 1.12.5-1.40 gstreamer-utils >= 1.12.5-1.17 libgstadaptivedemux-1_0-0 >= 1.12.5-1.40 libgstbadallocators-1_0-0 >= 1.12.5-1.40 libgstbadaudio-1_0-0 >= 1.12.5-1.40 libgstbadbase-1_0-0 >= 1.12.5-1.40 libgstbadvideo-1_0-0 >= 1.12.5-1.40 libgstbasecamerabinsrc-1_0-0 >= 1.12.5-1.40 libgstcodecparsers-1_0-0 >= 1.12.5-1.40 libgstinsertbin-1_0-0 >= 1.12.5-1.40 libgstmpegts-1_0-0 >= 1.12.5-1.40 libgstplayer-1_0-0 >= 1.12.5-1.40 libgsturidownloader-1_0-0 >= 1.12.5-1.40 libgstwayland-1_0-0 >= 1.12.5-1.40 typelib-1_0-Gst-1_0 >= 1.12.5-1.17 typelib-1_0-GstBadAllocators-1_0 >= 1.12.5-1.40 typelib-1_0-GstGL-1_0 >= 1.12.5-1.40 typelib-1_0-GstInsertBin-1_0 >= 1.12.5-1.40 typelib-1_0-GstMpegts-1_0 >= 1.12.5-1.40 typelib-1_0-GstPlayer-1_0 >= 1.12.5-1.40
SUSE Linux Enterprise Module for additional PackageHub packages 15 SP2 SUSE Linux Enterprise Module for additional PackageHub packages 15 SP3	libgstreamer-1_0-0-32bit >= 1.16.2-1.53
SUSE Linux Enterprise Workstation Extension 15 SP2	gstreamer-plugins-ugly >= 1.16.2-1.75 gstreamer-plugins-ugly-lang >= 1.16.2-1.75
SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Workstation Extension 15 SP1	gstreamer-plugins-ugly >= 1.12.5-1.35 gstreamer-plugins-ugly-lang >= 1.12.5-1.35
openSUSE Leap 15.0	gstreamer >= 1.12.5-lp150.1.1 gstreamer-lang >= 1.12.5-lp150.1.1 gstreamer-plugins-bad >= 1.12.5-lp150.1.3 gstreamer-plugins-bad-lang >= 1.12.5-lp150.1.3 gstreamer-plugins-ugly >= 1.12.5-lp150.1.1 gstreamer-plugins-ugly-lang >= 1.12.5-lp150.1.1 gstreamer-utils >= 1.12.5-lp150.1.1 libgstadaptivedemux-1_0-0 >= 1.12.5-lp150.1.3 libgstbadaudio-1_0-0 >= 1.12.5-lp150.1.3 libgstbadbase-1_0-0 >= 1.12.5-lp150.1.3 libgstbadvideo-1_0-0 >= 1.12.5-lp150.1.3 libgstbasecamerabinsrc-1_0-0 >= 1.12.5-lp150.1.3 libgstcodecparsers-1_0-0 >= 1.12.5-lp150.1.3 libgstgl-1_0-0 >= 1.12.5-lp150.1.3 libgstmpegts-1_0-0 >= 1.12.5-lp150.1.3 libgstphotography-1_0-0 >= 1.12.5-lp150.1.3 libgstreamer-1_0-0 >= 1.12.5-lp150.1.1 libgsturidownloader-1_0-0 >= 1.12.5-lp150.1.3 libgstwayland-1_0-0 >= 1.12.5-lp150.1.3 typelib-1_0-Gst-1_0 >= 1.12.5-lp150.1.1	Patchnames: openSUSE Leap 15.0 GA gstreamer-1.12.5-lp150.1.1 openSUSE Leap 15.0 GA gstreamer-plugins-bad-1.12.5-lp150.1.3 openSUSE Leap 15.0 GA gstreamer-plugins-ugly-1.12.5-lp150.1.1
openSUSE Tumbleweed	gstreamer >= 1.18.5-2.1 gstreamer-32bit >= 1.18.5-2.1 gstreamer-devel >= 1.18.5-2.1 gstreamer-devel-32bit >= 1.18.5-2.1 gstreamer-lang >= 1.18.5-2.1 gstreamer-plugins-bad >= 1.18.5-2.1 gstreamer-plugins-bad-32bit >= 1.18.5-2.1 gstreamer-plugins-bad-chromaprint >= 1.18.5-2.1 gstreamer-plugins-bad-chromaprint-32bit >= 1.18.5-2.1 gstreamer-plugins-bad-devel >= 1.18.5-2.1 gstreamer-plugins-bad-fluidsynth >= 1.18.5-2.1 gstreamer-plugins-bad-fluidsynth-32bit >= 1.18.5-2.1 gstreamer-plugins-bad-lang >= 1.18.5-2.1 gstreamer-plugins-ugly >= 1.18.5-2.1 gstreamer-plugins-ugly-32bit >= 1.18.5-2.1 gstreamer-plugins-ugly-lang >= 1.18.5-2.1 gstreamer-transcoder >= 1.18.5-2.1 gstreamer-transcoder-devel >= 1.18.5-2.1 gstreamer-utils >= 1.18.5-2.1 libgstadaptivedemux-1_0-0 >= 1.18.5-2.1 libgstadaptivedemux-1_0-0-32bit >= 1.18.5-2.1 libgstbadaudio-1_0-0 >= 1.18.5-2.1 libgstbadaudio-1_0-0-32bit >= 1.18.5-2.1 libgstbasecamerabinsrc-1_0-0 >= 1.18.5-2.1 libgstbasecamerabinsrc-1_0-0-32bit >= 1.18.5-2.1 libgstcodecparsers-1_0-0 >= 1.18.5-2.1 libgstcodecparsers-1_0-0-32bit >= 1.18.5-2.1 libgstcodecs-1_0-0 >= 1.18.5-2.1 libgstcodecs-1_0-0-32bit >= 1.18.5-2.1 libgstinsertbin-1_0-0 >= 1.18.5-2.1 libgstinsertbin-1_0-0-32bit >= 1.18.5-2.1 libgstisoff-1_0-0 >= 1.18.5-2.1 libgstisoff-1_0-0-32bit >= 1.18.5-2.1 libgstmpegts-1_0-0 >= 1.18.5-2.1 libgstmpegts-1_0-0-32bit >= 1.18.5-2.1 libgstphotography-1_0-0 >= 1.18.5-2.1 libgstphotography-1_0-0-32bit >= 1.18.5-2.1 libgstplayer-1_0-0 >= 1.18.5-2.1 libgstplayer-1_0-0-32bit >= 1.18.5-2.1 libgstreamer-1_0-0 >= 1.18.5-2.1 libgstreamer-1_0-0-32bit >= 1.18.5-2.1 libgstsctp-1_0-0 >= 1.18.5-2.1 libgstsctp-1_0-0-32bit >= 1.18.5-2.1 libgsttranscoder-1_0-0 >= 1.18.5-2.1 libgsturidownloader-1_0-0 >= 1.18.5-2.1 libgsturidownloader-1_0-0-32bit >= 1.18.5-2.1 libgstvulkan-1_0-0 >= 1.18.5-2.1 libgstvulkan-1_0-0-32bit >= 1.18.5-2.1 libgstwayland-1_0-0 >= 1.18.5-2.1 libgstwayland-1_0-0-32bit >= 1.18.5-2.1 libgstwebrtc-1_0-0 >= 1.18.5-2.1 libgstwebrtc-1_0-0-32bit >= 1.18.5-2.1 typelib-1_0-Gst-1_0 >= 1.18.5-2.1 typelib-1_0-Gst-1_0-32bit >= 1.18.5-2.1 typelib-1_0-GstBadAudio-1_0 >= 1.18.5-2.1 typelib-1_0-GstCodecs-1_0 >= 1.18.5-2.1 typelib-1_0-GstInsertBin-1_0 >= 1.18.5-2.1 typelib-1_0-GstMpegts-1_0 >= 1.18.5-2.1 typelib-1_0-GstPlayer-1_0 >= 1.18.5-2.1 typelib-1_0-GstTranscoder-1_0 >= 1.18.5-2.1 typelib-1_0-GstVulkan-1_0 >= 1.18.5-2.1 typelib-1_0-GstVulkanWayland-1_0 >= 1.18.5-2.1 typelib-1_0-GstVulkanXCB-1_0 >= 1.18.5-2.1 typelib-1_0-GstWebRTC-1_0 >= 1.18.5-2.1	Patchnames: openSUSE Tumbleweed GA gstreamer-1.18.5-2.1 openSUSE Tumbleweed GA gstreamer-plugins-bad-1.18.5-2.1 openSUSE Tumbleweed GA gstreamer-plugins-ugly-1.18.5-2.1