An out-of-bounds read in qtdemux_tag_add_str_full was found that can be triggered by specially crafted file. Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=775451 Upstream patch: https://github.com/GStreamer/gst-plugins-good/commit/d0949baf3dadea6021d54abef6802fed5a06af75 CVE assignment: http://seclists.org/oss-sec/2017/q1/284
Created mingw-gstreamer1-plugins-good tracking bugs for this issue: Affects: fedora-all [bug 1419611]
Created mingw-gstreamer-plugins-good tracking bugs for this issue: Affects: fedora-all [bug 1419610]
Created gstreamer-plugins-good tracking bugs for this issue: Affects: fedora-all [bug 1419608]
Created gstreamer1-plugins-good tracking bugs for this issue: Affects: fedora-all [bug 1419609]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:2060 https://access.redhat.com/errata/RHSA-2017:2060