Rapid7 Vulnerability & Exploit Database

RHSA-2011:0477: gstreamer-plugins security update


Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published: 05/09/2011
Created: 07/25/2018
Added: 05/12/2011
Modified: 07/04/2017

Description

The gstreamer-plugins packages contain plug-ins used by the GStreamer streaming-media framework to support a wide variety of media formats.

An integer overflow flaw, leading to a heap-based buffer overflow, and a stack-based buffer overflow flaw were found in various ModPlug music file format library (libmodplug) modules, embedded in GStreamer. An attacker could create specially-crafted music files that, when played by a victim, would cause applications using GStreamer to crash or, potentially, execute arbitrary code. (CVE-2006-4192, CVE-2011-1574)

All users of gstreamer-plugins are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, all applications using GStreamer (such as Rhythmbox) must be restarted for the changes to take effect.

Solution(s)

  • redhat-upgrade-gstreamer-plugins
  • redhat-upgrade-gstreamer-plugins-devel
