MGASA-2017-0348

Advisory lineage Upstream: 5 Downstream: 0

Upstream

CVE-2016-10198 CVE-2016-10199 CVE-2017-5840 CVE-2017-5841 CVE-2017-5845

Published: 21 Sept 2017, 13:43

Last modified:16 Apr 2026, 06:23

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

21 Sept 2017, 13:43

Published

Vulnerability first disclosed

16 Apr 2026, 06:23

Last Modified

Vulnerability information updated

Description

Updated gstreamer0.10-plugins-good and gstreamer1.0-plugins-good packages fix security vulnerabilities A crafted AAC audio file could have caused an invalid read and thus corruption or denial of service (CVE-2016-10198). A crafted mp4 file could have caused an invalid read and thus corruption or denial of service (CVE-2016-10199). A crafted AVI file could have caused an invalid read and thus corruption or denial of service (CVE-2017-5840). A crafted AVI file with metadata tag entries (ncdt) could have caused invalid read access and thus corruption or denial of service (CVE-2017-5841). A crafted AVI file could have caused an invalid read access resulting in denial of service (CVE-2017-5845). Note that GStreamer 0.10 was only affected by CVE-2016-10198 and CVE-2017-5840.

Affected Systems

mageia•gstreamer0.10-plugins-good
< 0.10.31-9.2.mga5
mageia•gstreamer1.0-plugins-good
< 1.4.3-2.2.mga5

MGASA-2017-0348

Vulnerability Summary

Timeline

Description

Affected Systems

References (5)