Fluid Attacks Database

Description

Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.5	gst-plugins-good1	=1.0.0-r0 \|\| =1.0.0-r1 \|\| =1.0.1-r0 \|\| =1.0.1-r1 \|\| =1.0.10-r0 \|\| =1.0.2-r0 \|\| =1.0.3-r0 \|\| =1.0.4-r0 \|\| =1.0.4-r1 \|\| =1.0.5-r0 \|\| =1.0.6-r0 \|\| =1.0.7-r0 \|\| =1.0.8-r0 \|\| =1.0.9-r0 \|\| =1.0.9-r1 \|\| =1.2.0-r0 \|\| =1.2.1-r0 \|\| =1.2.2-r0 \|\| =1.2.3-r0 \|\| =1.2.4-r0 \|\| =1.4.0-r0 \|\| =1.4.1-r0 \|\| =1.4.2-r0 \|\| =1.4.3-r0 \|\| =1.4.4-r0 \|\| =1.4.5-r0 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.6.1-r0 \|\| =1.6.3-r0 \|\| =1.8.0-r0 \|\| =1.8.1-r0 \|\| =1.8.1-r1 \|\| =1.8.1-r2 \|\| =1.8.1-r3 \|\| >=0 <1.8.3-r0	1.8.3-r0
debian 11	gst-plugins-good1.0	>=0 <1.10.1-2	1.10.1-2
alpine v3.7	gst-plugins-good	=1.0.0-r0 \|\| =1.0.0-r1 \|\| =1.0.1-r0 \|\| =1.0.1-r1 \|\| =1.0.10-r0 \|\| =1.0.2-r0 \|\| =1.0.3-r0 \|\| =1.0.4-r0 \|\| =1.0.4-r1 \|\| =1.0.5-r0 \|\| =1.0.6-r0 \|\| =1.0.7-r0 \|\| =1.0.8-r0 \|\| =1.0.9-r0 \|\| =1.0.9-r1 \|\| =1.2.0-r0 \|\| =1.2.1-r0 \|\| =1.2.2-r0 \|\| =1.2.3-r0 \|\| =1.2.4-r0 \|\| =1.4.0-r0 \|\| =1.4.1-r0 \|\| =1.4.2-r0 \|\| =1.4.3-r0 \|\| =1.4.4-r0 \|\| =1.4.5-r0 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.6.1-r0 \|\| =1.6.3-r0 \|\| =1.8.0-r0 \|\| =1.8.1-r0 \|\| =1.8.1-r1 \|\| =1.8.1-r2 \|\| =1.8.1-r3 \|\| >=0 <1.10.4-r0	1.10.4-r0
alpine v3.6	gst-plugins-good1	=1.0.0-r0 \|\| =1.0.0-r1 \|\| =1.0.1-r0 \|\| =1.0.1-r1 \|\| =1.0.10-r0 \|\| =1.0.2-r0 \|\| =1.0.3-r0 \|\| =1.0.4-r0 \|\| =1.0.4-r1 \|\| =1.0.5-r0 \|\| =1.0.6-r0 \|\| =1.0.7-r0 \|\| =1.0.8-r0 \|\| =1.0.9-r0 \|\| =1.0.9-r1 \|\| =1.2.0-r0 \|\| =1.2.1-r0 \|\| =1.2.2-r0 \|\| =1.2.3-r0 \|\| =1.2.4-r0 \|\| =1.4.0-r0 \|\| =1.4.1-r0 \|\| =1.4.2-r0 \|\| =1.4.3-r0 \|\| =1.4.4-r0 \|\| =1.4.5-r0 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.6.1-r0 \|\| =1.6.3-r0 \|\| =1.8.0-r0 \|\| =1.8.1-r0 \|\| =1.8.1-r1 \|\| =1.8.1-r2 \|\| =1.8.1-r3 \|\| >=0 <1.10.4-r0	1.10.4-r0
rpm rhel7	gstreamer-plugins-good	<0:0.10.31-12.el7_3	0:0.10.31-12.el7_3
alpine v3.4	gst-plugins-good1	=1.0.0-r0 \|\| =1.0.0-r1 \|\| =1.0.1-r0 \|\| =1.0.1-r1 \|\| =1.0.10-r0 \|\| =1.0.2-r0 \|\| =1.0.3-r0 \|\| =1.0.4-r0 \|\| =1.0.4-r1 \|\| =1.0.5-r0 \|\| =1.0.6-r0 \|\| =1.0.7-r0 \|\| =1.0.8-r0 \|\| =1.0.9-r0 \|\| =1.0.9-r1 \|\| =1.2.0-r0 \|\| =1.2.1-r0 \|\| =1.2.2-r0 \|\| =1.2.3-r0 \|\| =1.2.4-r0 \|\| =1.4.0-r0 \|\| =1.4.1-r0 \|\| =1.4.2-r0 \|\| =1.4.3-r0 \|\| =1.4.4-r0 \|\| =1.4.5-r0 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.6.1-r0 \|\| =1.6.3-r0 \|\| =1.8.0-r0 \|\| =1.8.1-r0 \|\| =1.8.1-r1 \|\| >=0 <1.8.3-r0	1.8.3-r0
debian 14	gst-plugins-good1.0	>=0 <1.10.1-2	1.10.1-2
rpm rhel6	gstreamer-plugins-good	<0:0.10.23-4.el6_8	0:0.10.23-4.el6_8
debian 12	gst-plugins-good1.0	>=0 <1.10.1-2	1.10.1-2
debian 13	gst-plugins-good1.0	>=0 <1.10.1-2	1.10.1-2

1-10 of 12

Aliases

1. CVE-2016-96352. NVD-2016-96353. OSV-ALPINE-2016-96354. OSV-2016-96355. OSV-DEBIAN-2016-96356. SECURITY-CVE-2016-96357. SECURITY-TRACKER-CVE-2016-9635

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.