{"affected":[{"ecosystem_specific":{"binaries":[{"gstreamer-plugins-good":"1.8.3-12.12","gstreamer-plugins-good-lang":"1.8.3-12.12"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP2","name":"gstreamer-plugins-good","purl":"pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.3-12.12"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"gstreamer-plugins-good":"1.8.3-12.12","gstreamer-plugins-good-lang":"1.8.3-12.12"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for Raspberry Pi 12 SP2","name":"gstreamer-plugins-good","purl":"pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.3-12.12"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"gstreamer-plugins-good":"1.8.3-12.12","gstreamer-plugins-good-lang":"1.8.3-12.12"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2","name":"gstreamer-plugins-good","purl":"pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.3-12.12"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"gstreamer-plugins-good":"1.8.3-12.12","gstreamer-plugins-good-lang":"1.8.3-12.12"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP2","name":"gstreamer-plugins-good","purl":"pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.3-12.12"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for gstreamer-plugins-good fixes the following issues:\n\n- A crafted aac audio file could have caused an invalid read and thus\n  corruption or denial of service (bsc#1024014, CVE-2016-10198)\n- A crafted mp4 file could have caused an invalid read and thus corruption or\n  denial of service (bsc#1024017, CVE-2016-10199)\n- A crafted avi file could have caused an invalid read and thus corruption or\n  denial of service (bsc#1024034, CVE-2017-5840)\n- A crafted AVI file with metadata tag entries (ncdt) could have caused\n  invalid read access and thus corruption or denial of service (bsc#1024030,\n  CVE-2017-5841)\n- A crafted avi file could have caused an invalid read access resulting in\n  denial of service (bsc#1024062, CVE-2017-5845)\n","id":"SUSE-SU-2017:1010-1","modified":"2017-04-13T09:59:27Z","published":"2017-04-13T09:59:27Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20171010-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1024014"},{"type":"REPORT","url":"https://bugzilla.suse.com/1024017"},{"type":"REPORT","url":"https://bugzilla.suse.com/1024030"},{"type":"REPORT","url":"https://bugzilla.suse.com/1024034"},{"type":"REPORT","url":"https://bugzilla.suse.com/1024062"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-10198"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-10199"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5840"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5841"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5845"}],"related":["CVE-2016-10198","CVE-2016-10199","CVE-2017-5840","CVE-2017-5841","CVE-2017-5845"],"summary":"Security update for gstreamer-plugins-good","upstream":["CVE-2016-10198","CVE-2016-10199","CVE-2017-5840","CVE-2017-5841","CVE-2017-5845"]}