In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsThere is no fixed version for Debian:11
gst-plugins-good1.0
.
Note: Versions mentioned in the description apply only to the upstream gst-plugins-good1.0
package and not the gst-plugins-good1.0
package as distributed by Debian
.
See How to fix?
for Debian:11
relevant fixed versions and status.
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is that the size of the stts buffer isn’t properly checked before reading stts_duration, allowing the program to read 4 bytes beyond the boundaries of stts->data. This vulnerability reads up to 4 bytes past the allocated bounds of the stts array. This vulnerability is fixed in 1.24.10.