An off-by-one heap read was found in gst_h264_parse_set_caps triggered by creafted mkv/h264 file. Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=774896 CVE assignment: http://seclists.org/oss-sec/2016/q4/589
Created mingw-gstreamer1-plugins-bad-free tracking bugs for this issue: Affects: fedora-all [bug 1401948]
Created gstreamer1-plugins-bad-free tracking bugs for this issue: Affects: fedora-all [bug 1401946]
Created gstreamer-plugins-bad-free tracking bugs for this issue: Affects: fedora-all [bug 1401945]
Created mingw-gstreamer-plugins-bad-free tracking bugs for this issue: Affects: fedora-all [bug 1401947]
Upstream patch: https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=1dbfef93d6aca245f1793f9b5348a9dbcd02be97
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:0018 https://rhn.redhat.com/errata/RHSA-2017-0018.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:0021 https://rhn.redhat.com/errata/RHSA-2017-0021.html