A missing initialization of allocated heap memory for render canvas leads to information leak. CVE assignment: http://seclists.org/oss-sec/2016/q4/462 External References: https://scarybeastsecurity.blogspot.sk/2016/11/0day-poc-risky-design-decisions-in.html
Created mingw-gstreamer1 tracking bugs for this issue: Affects: fedora-all [bug 1397067] Affects: epel-7 [bug 1397068]
Created gstreamer tracking bugs for this issue: Affects: fedora-all [bug 1397064]
Created mingw-gstreamer tracking bugs for this issue: Affects: fedora-all [bug 1397066]
Created gstreamer1 tracking bugs for this issue: Affects: fedora-all [bug 1397065]
Upstream patch: https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/gst/vmnc/vmncdec.c?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:2060 https://access.redhat.com/errata/RHSA-2017:2060