Security Advisory 2019-0001 (CVE-2019-9928)
Details
GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server.

Impact
The potential exists for a malicious server to trigger remote code execution in a connecting client.

Threat mitigation
Exploitation requires the user to access a malicious RTSP server.

Workarounds
The user should refrain from opening RTSP streams from untrusted third parties.

Solution
The gst-plugins-base 1.16.0 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.

References
The GStreamer project
CVE Database Entries
GStreamer 1.16.0 release
Patches
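
One way to apply the version boundary from the Solution section to a host, as an added example that is not part of the original advisory or of the GStreamer project's tooling. A version below 1.16.0 is reported as "affected-unless-patched" because an older branch may have been rebuilt with the patch. Assumptions: `sort -V` is available, the `gstreamer-plugins-base-1.0` pkg-config module is installed, and the function names and the `--check` argument are hypothetical.

```shell
#!/bin/sh
# Added example: classify a gst-plugins-base version against the fixed release.
# FIXED is taken from the advisory text; all names below are hypothetical.
FIXED="1.16.0"

# version_lt A B: succeeds when version A sorts strictly before version B.
# Uses version sort so that 1.2.4 < 1.16.0 (a plain string compare gets this wrong).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# classify VERSION: prints "fixed", "affected-unless-patched" or "unknown".
# Anything that is not a dotted numeric version is reported as unknown.
classify() {
    case "$1" in
        ''|*[!0-9.]*) echo "unknown"; return 0 ;;
    esac
    if version_lt "$1" "$FIXED"; then
        # The version number alone cannot show whether the patch was applied
        # to an older branch, so this result needs a manual follow-up.
        echo "affected-unless-patched"
    else
        echo "fixed"
    fi
}

# installed_version: asks pkg-config for the installed gst-plugins-base version.
installed_version() {
    pkg-config --modversion gstreamer-plugins-base-1.0 2>/dev/null
}

# Run the check only when invoked as: sh script.sh --check
if [ "${1:-}" = "--check" ]; then
    v=$(installed_version) || v=""
    echo "gst-plugins-base ${v:-not found}: $(classify "$v")"
fi
```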