CVE-2016-10198

MEDIUM
2017-02-09 [email protected]
5.5
CVSS 3.0
Share

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 17, 2026 - 20:45 vuln.today
Patch Released
Mar 17, 2026 - 20:45 nvd
Patch available
CVE Published
Feb 09, 2017 - 15:59 nvd
MEDIUM 5.5

Tags

Denial Of Service Buffer Overflow Linux Gstreamer

Description

The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.

Analysis

An invalid memory read vulnerability exists in the gst_aac_parse_sink_setcaps function within GStreamer's AAC audio parser component (gst-plugins-good). Remote attackers can trigger a denial of service by providing a specially crafted AAC audio file, causing the application to crash. With an EPSS score of 0.76% (73rd percentile) and low attack complexity requiring only user interaction to open a malicious file, this vulnerability represents a moderate practical risk despite the moderate CVSS 5.5 score.

Technical Context

The vulnerability resides in GStreamer's audio parsing infrastructure, specifically in the Advanced Audio Coding (AAC) parser module within gst-plugins-good. The affected component (gst/audioparsers/gstaacparse.c) handles the capability negotiation during audio stream setup. The root cause is classified as CWE-125 (Out-of-bounds Read), indicating improper bounds checking when reading memory during AAC file parsing. When the gst_aac_parse_sink_setcaps function processes a malformed AAC file with invalid metadata or frame headers, it fails to validate buffer boundaries before dereferencing memory, leading to an out-of-bounds read. GStreamer versions prior to 1.10.3 are affected, as confirmed via CPE cpe:2.3:a:gstreamer:gstreamer. The vulnerability impacts all applications built on or linked against the vulnerable gst-plugins-good library for audio playback functionality.

Affected Products

GStreamer versions prior to 1.10.3 are affected, including gst-plugins-good in all vulnerable releases. The vulnerability is confirmed via CPE cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:* for all versions before the patched release. Debian tracked this in DSA-3820 (2017-04-17), Red Hat addressed it via RHSA-2017:2060, and Gentoo released guidance through GLSA-201705-10. Long-term support distributions including Debian LTS issued updates in May 2020 (debian-lts-announce 2020/05/msg00029). The exact affected version boundary is GStreamer < 1.10.3, with the GNOME bug tracker entry at https://bugzilla.gnome.org/show_bug.cgi?id=775450 providing upstream confirmation.

Remediation

Upgrade GStreamer to version 1.10.3 or later immediately. Users should reference the official GStreamer 1.10.3 release notes at https://gstreamer.freedesktop.org/releases/1.10/#1.10.3 for download and installation instructions. For distribution users, apply vendor-supplied patches: Debian/Ubuntu users should install security updates from DSA-3820 or later; Red Hat/CentOS users should apply RHSA-2017:2060 or subsequent updates. If immediate patching is impossible, implement application-level controls by restricting GStreamer usage to trusted audio sources and disabling automatic media playback from untrusted origins. Organizations running media servers or transcoding services should prioritize this update as a high-priority maintenance task given the widespread deployment of GStreamer in audio/video processing pipelines.

Priority Score

28
Low Medium High Critical
KEV: 0
EPSS: +0.8
CVSS: +28
POC: 0

Share

CVE-2016-10198 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy