Bug 1210567
| Summary: | gstreamer-plugins-bad: Heap-based buffer overflow when parsing H.264 video format | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Huzaifa S. Sidhpurwala <huzaifas> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | jgrulich, security-response-team |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-06-13 21:04:01 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1218249 | ||
| Bug Blocks: | 1208735 | ||
|
Description
Huzaifa S. Sidhpurwala
2015-04-10 05:49:48 UTC
Created gstreamer-plugins-bad-free tracking bugs for this issue: Affects: fedora-all [bug 1218249] The most important attack vector for this issue is remote exploitation via malicious web content as rendered by firefox. However this issue was addressed in firefox as shipped with Red Hat Enterprise Linux via the following advisory: https://rhn.redhat.com/errata/RHSA-2015-0988.html This issue is addressed in Firefox by blacklisting the affected plugin. Statement: This issue does not affect the version of gstreamer-plugins-bad package as shipped with Red Hat Enterprise Linux 6. This issue affects the version of gstreamer-plugins-bad package as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Moderate security impact, a future update may address this flaw. |