Rapid7 Vulnerability & Exploit Database

RHSA-2011:1264: gstreamer-plugins security update

Back to Search

RHSA-2011:1264: gstreamer-plugins security update

Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
09/06/2011
Created
07/25/2018
Added
09/07/2011
Modified
07/04/2017

Description

The gstreamer-plugins packages contain plug-ins used by the GStreamerstreaming-media framework to support a wide variety of media formats.An integer overflow flaw, a boundary error, and multiple off-by-one flawswere found in various ModPlug music file format library (libmodplug)modules, embedded in GStreamer. An attacker could create specially-craftedmusic files that, when played by a victim, would cause applications usingGStreamer to crash or, potentially, execute arbitrary code. (CVE-2011-2911,CVE-2011-2912, CVE-2011-2913, CVE-2011-2914, CVE-2011-2915)All users of gstreamer-plugins are advised to upgrade to these updatedpackages, which contain backported patches to correct these issues. Afterinstalling the update, all applications using GStreamer (such as Rhythmbox)must be restarted for the changes to take effect.

Solution(s)

  • redhat-upgrade-gstreamer-plugins
  • redhat-upgrade-gstreamer-plugins-devel

References

  • redhat-upgrade-gstreamer-plugins
  • redhat-upgrade-gstreamer-plugins-devel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;