The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched.

  - gstreamer-plugins-bad-free: Missing initialization of allocated heap memory leads to information leak     (CVE-2016-9446)

Note that Nessus has not tested for this issue but has instead relied on the package manager's report that the package is installed.

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - gstreamer: buffer overflow in gst_h264_slice_parse_dec_ref_pic_marking (CVE-2021-3185)

  - The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to     obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not     draw to the allocated render canvas. (CVE-2016-9446)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-2060 advisory.

    clutter-gst2     [2.0.18-1]
    - Update to 2.0.18
    - Remove obsolete patches
    - Use license macro for COPYING
    - Resolves: #1386833

    gnome-video-effects     [0.4.3-1]
    - Update to 0.4.3
    - Resolves: #1386968

    [0.4.1-5]
    - Fix URL (rhbz#1380981)

    gstreamer-plugins-bad-free     [0.10.23-23]
    - Rebuild with hardened flags     Resolves: #1420764

    gstreamer-plugins-good     [0.10.31-13]
    - Rebuild with correct hardening flags       Resolves: #1420765

    gstreamer1     [1.10.4-2]
    - fix origin
    - Resolves: #1420650

    [1.10.4-1]
    - Update to 1.10.4
    - update patches
    - Resolves: #1420650

    gstreamer1-plugins-bad-free     [1.10.4-2]
    - Disable plugins
    - Fix origin
    - Resolves: #1429587

    [1.10.4-1]
    - Update to 1.10.4
    - Remove unbuilt plugins
    - Resolves: #1429587

    gstreamer1-plugins-base     [1.10.4-1]
    - Update to 1.10.4
    - Resolves: #1428918

    [1.4.5-3]
    - Fix unit test on ppc64
    - Resolves: #1265905

    gstreamer1-plugins-good     [1.10.4-2]
    - Fix origin       Resolves: #1429577

    [1.10.4-1]
    - Update to 1.10.4       Resolves: #1429577

    orc     [0.4.26-1]
    - Update to 0.4.26
    - Remove upstreamed patches
    - Resolves: #1430051

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the gstreamer packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Multiple flaws were found in gstreamer1,     gstreamer1-plugins-base, gstreamer1-plugins-good, and     gstreamer1-plugins-bad-free packages. An attacker could     potentially use these flaws to crash applications which     use the GStreamer framework. (CVE-2016-9446,     CVE-2016-9810, CVE-2016-9811, CVE-2016-10198,     CVE-2016-10199, CVE-2017-5837, CVE-2017-5838,     CVE-2017-5839, CVE-2017-5840, CVE-2017-5841,     CVE-2017-5842, CVE-2017-5843, CVE-2017-5844,     CVE-2017-5845, CVE-2017-5848)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

GStreamer is a streaming media framework based on graphs of filters which operate on media data.

The following packages have been upgraded to a later upstream version:
clutter-gst2 (2.0.18), gnome-video-effects (0.4.3), gstreamer1 (1.10.4), gstreamer1-plugins-bad-free (1.10.4), gstreamer1-plugins-base (1.10.4), gstreamer1-plugins-good (1.10.4), orc (0.4.26).

Security Fix(es) :

* Multiple flaws were found in gstreamer1, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-bad-free packages. An attacker could potentially use these flaws to crash applications which use the GStreamer framework. (CVE-2016-9446, CVE-2016-9810, CVE-2016-9811, CVE-2016-10198, CVE-2016-10199, CVE-2017-5837, CVE-2017-5838, CVE-2017-5839, CVE-2017-5840, CVE-2017-5841, CVE-2017-5842, CVE-2017-5843, CVE-2017-5844, CVE-2017-5845, CVE-2017-5848)

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

The following packages have been upgraded to a later upstream version:
clutter-gst2 (2.0.18), gnome-video-effects (0.4.3), gstreamer1 (1.10.4), gstreamer1-plugins-bad-free (1.10.4), gstreamer1-plugins-base (1.10.4), gstreamer1-plugins-good (1.10.4), orc (0.4.26).

Security Fix(es) :

  - Multiple flaws were found in gstreamer1,     gstreamer1-plugins-base, gstreamer1-plugins-good, and     gstreamer1-plugins-bad-free packages. An attacker could     potentially use these flaws to crash applications which     use the GStreamer framework. (CVE-2016-9446,     CVE-2016-9810, CVE-2016-9811, CVE-2016-10198,     CVE-2016-10199, CVE-2017-5837, CVE-2017-5838,     CVE-2017-5839, CVE-2017-5840, CVE-2017-5841,     CVE-2017-5842, CVE-2017-5843, CVE-2017-5844,     CVE-2017-5845, CVE-2017-5848)

The remote host is affected by the vulnerability described in GLSA-201705-10 (GStreamer plug-ins: User-assisted execution of arbitrary code)

    Multiple vulnerabilities have been discovered in various GStreamer       plug-ins. Please review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user or automated system using a       GStreamer plug-in to process a specially crafted file, resulting in the       execution of arbitrary code or a Denial of Service.
  Workaround :

    There is no known workaround at this time.

This update for gstreamer-0_10-plugins-bad fixes the following issues :

  - CVE-2016-9445, CVE-2016-9446: Protection against buffer     overflows (bsc#1010829)

  - CVE-2016-9447: Disable the nsf plugin (bsc#1010514)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

This update for gstreamer-plugins-bad fixes the following security issues, which would allow attackers able to submit media files for indexing to cause code execution or crashes :

  - Check an integer overflow (CVE-2016-9445) and initialize     a buffer (CVE-2016-9446) in vmncdec. (bsc#1010829)

  - CVE-2016-9809: Ensure codec_data has the right size when     reading number of SPS (bsc#1013659).

  - CVE-2016-9812: Add more section size checks     (bsc#1013678).

  - CVE-2016-9813: fix PAT parsing (bsc#1013680).

This update was imported from the SUSE:SLE-12-SP2:Update update project.

This update for gstreamer-0_10-plugins-bad fixes the following issues :

  - CVE-2016-9445, CVE-2016-9446: Protection against buffer     overflows (bsc#1010829)

  - CVE-2016-9447: Disable the nsf plugin (bsc#1010514)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for gstreamer-plugins-bad fixes the following issues :

  - CVE-2016-9809: Malicious mkv/h264 file could cause an     off by one out of bounds read and lead to crash     (bsc#1013659)

  - CVE-2016-9812: Malicious mpeg file could cause invalid a     NULL pointer access and lead to crash (bsc#1013678)

  - CVE-2016-9813: Malicious mpegts file could cause invalid     a NULL pointer access and lead to crash (bsc#1013680)

  - CVE-2016-9445, CVE-2016-9446: Check an integer overflow     and initialize a buffer in vmncdec (bsc#1010829)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for gstreamer-plugins-bad fixes the following security issues, which would allow attackers able to submit media files for indexing to cause code execution or crashes :

  - Check an integer overflow (CVE-2016-9445) and initialize     a buffer (CVE-2016-9446) in vmncdec. (bsc#1010829)

  - CVE-2016-9809: Ensure codec_data has the right size when     reading number of SPS (bsc#1013659).

  - CVE-2016-9812: Add more section size checks     (bsc#1013678).

  - CVE-2016-9813: fix PAT parsing (bsc#1013680).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for gstreamer-plugins-bad fixes the following issues :

  - Maliciously crafted VMnc (VMware video) streams     (typically contained in .avi files) could cause code     execution during decoding or information leaks due to an     uninitialized buffer (CVE-2016-9445, CVE-2016-9446,     boo#1010829).

This update for gstreamer-0_10-plugins-bad fixes the following issues :

  - Maliciously crafted VMnc files (VMware video format)     could lead to crashes (CVE-2016-9445, CVE-2016-9446,     boo#1010829).

  - Maliciously crafted NSF files (NES sound format) could     lead to arbitrary code execution (CESA-2016-0001,     boo#1010514). Therefore for security reasons the NSF     plugin has been removed from the package.

CVE-2016-9445 CVE-2016-9446

Chris Evans discovered that the GStreamer plugin to decode VMware screen capture files allowed the execution of arbitrary code. He also found that an initialized buffer may lead into memory disclosure.

CVE-2016-9447

Chris Evans discovered that the GStreamer 0.10 plugin to decode NES Sound Format files allowed the execution of arbitrary code.

For Debian 7 'Wheezy', these problems have been fixed in version 0.10.23-7.1+deb7u3.

We recommend that you upgrade your gst-plugins-bad0.10 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
199317	RHEL 6 : gstreamer-plugins-bad-free (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	high
199311	RHEL 7 : gstreamer-plugins-bad-free (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	critical
180851	Oracle Linux 7 : GStreamer (ELSA-2017-2060)	Nessus	Oracle Linux Local Security Checks	high
103064	EulerOS 2.0 SP2 : gstreamer (EulerOS-SA-2017-1206)	Nessus	Huawei Local Security Checks	high
103063	EulerOS 2.0 SP1 : gstreamer (EulerOS-SA-2017-1205)	Nessus	Huawei Local Security Checks	high
102752	CentOS 7 : clutter-gst2 / gnome-video-effects / gstreamer-plugins-bad-free / etcgstreamer1 / etc (CESA-2017:2060)	Nessus	CentOS Local Security Checks	high
102659	Scientific Linux Security Update : GStreamer on SL7.x x86_64 (20170802)	Nessus	Scientific Linux Local Security Checks	high
102150	RHEL 7 : GStreamer (RHSA-2017:2060)	Nessus	Red Hat Local Security Checks	high
100263	GLSA-201705-10 : GStreamer plug-ins: User-assisted execution of arbitrary code	Nessus	Gentoo Local Security Checks	critical
96383	openSUSE Security Update : gstreamer-0_10-plugins-bad (openSUSE-2017-64)	Nessus	SuSE Local Security Checks	high
96382	openSUSE Security Update : gstreamer-plugins-bad (openSUSE-2017-63)	Nessus	SuSE Local Security Checks	high
96335	SUSE SLED12 Security Update : gstreamer-0_10-plugins-bad (SUSE-SU-2017:0028-1)	Nessus	SuSE Local Security Checks	high
96334	SUSE SLED12 Security Update : gstreamer-0_10-plugins-bad (SUSE-SU-2017:0027-1)	Nessus	SuSE Local Security Checks	high
96259	SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-bad (SUSE-SU-2016:3297-1)	Nessus	SuSE Local Security Checks	high
96258	SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-bad (SUSE-SU-2016:3296-1)	Nessus	SuSE Local Security Checks	high
95912	openSUSE Security Update : gstreamer-plugins-bad (openSUSE-2016-1483)	Nessus	SuSE Local Security Checks	high
95818	openSUSE Security Update : gstreamer-0_10-plugins-bad (openSUSE-2016-1481)	Nessus	SuSE Local Security Checks	high
94983	Debian DLA-712-1 : gst-plugins-bad0.10 security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2016-9446

high

Tenable Plugins

high

critical

high

high

high

high

high

high

critical

high

high

high

high

high

high

high

high

high