CVE-2016-10199 – gstreamer-plugins-good: Out of bounds read in qtdemux_tag_add_str_full
https://notcve.org/view.php?id=CVE-2016-10199
The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value. La función qtdemux_tag_add_str_full en gst/isomp4/qtdemux.c en gst-plugins-good en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y caída) a través de un valor de etiqueta manipulado. • http://www.debian.org/security/2017/dsa-3820 http://www.openwall.com/lists/oss-security/2017/02/01/7 http://www.openwall.com/lists/oss-security/2017/02/02/9 http://www.securityfocus.com/bid/96001 https://access.redhat.com/errata/RHSA-2017:2060 https://bugzilla.gnome.org/show_bug.cgi?id=775451 https://gstreamer.freedesktop.org/releases/1.10/#1.10.3 https://security.gentoo.org/glsa/201705-10 https://access.redhat.com/security/cve/CVE-2016-10199 https:/ • CWE-125: Out-of-bounds Read •
CVE-2017-5837 – gstreamer-plugins-base: Floating point exception in gst_riff_create_audio_caps
https://notcve.org/view.php?id=CVE-2017-5837
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file. La función gst_riff_create_audio_caps en gst-libs/gst/riff/riff-media.c en gst-plugins-base en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (excepción en punto flotante y caída) a través de un archivo de vídeo manipulado. • http://www.debian.org/security/2017/dsa-3819 http://www.openwall.com/lists/oss-security/2017/02/01/7 http://www.openwall.com/lists/oss-security/2017/02/02/9 http://www.securityfocus.com/bid/96001 https://access.redhat.com/errata/RHSA-2017:2060 https://bugzilla.gnome.org/show_bug.cgi?id=777262 https://gstreamer.freedesktop.org/releases/1.10/#1.10.3 https://lists.debian.org/debian-lts-announce/2020/02/msg00032.html https://security.gentoo.org/glsa/201705- • CWE-369: Divide By Zero •
CVE-2017-5838 – gstreamer: Out-of-bounds read in gst_date_time_new_from_iso8601_string()
https://notcve.org/view.php?id=CVE-2017-5838
The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string. La función gst_date_time_new_from_iso8601_string en gst/gstdatetime.c en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria dinámica fuera de límites) a través de una cadena datetime mal formada. • http://www.debian.org/security/2017/dsa-3822 http://www.openwall.com/lists/oss-security/2017/02/01/7 http://www.openwall.com/lists/oss-security/2017/02/02/9 http://www.securityfocus.com/bid/96001 https://access.redhat.com/errata/RHSA-2017:2060 https://bugzilla.gnome.org/show_bug.cgi?id=777263 https://gstreamer.freedesktop.org/releases/1.10/#1.10.3 https://security.gentoo.org/glsa/201705-10 https://access.redhat.com/security/cve/CVE-2017-5838 https:/ • CWE-125: Out-of-bounds Read •
CVE-2017-5839 – gstreamer-plugins-base: Stack overflow in gst_riff_create_audio_caps
https://notcve.org/view.php?id=CVE-2017-5839
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX. La función gst_riff_create_audio_caps en gst-libs/gst/riff/riff-media.c en gst-plugins-base en GStreamer en versiones anteriores a 1.10.3 no limita adecuadamente la recursión, lo que permite a atacantes remotos provocar una denegación de servicio (desbordamiento de pila y caída) a través de vectores que implican WAVEFORMATEX anidado. • http://www.debian.org/security/2017/dsa-3819 http://www.openwall.com/lists/oss-security/2017/02/01/7 http://www.openwall.com/lists/oss-security/2017/02/02/9 http://www.securityfocus.com/bid/96001 https://access.redhat.com/errata/RHSA-2017:2060 https://bugzilla.gnome.org/show_bug.cgi?id=777265 https://gstreamer.freedesktop.org/releases/1.10/#1.10.3 https://security.gentoo.org/glsa/201705-10 https://access.redhat.com/security/cve/CVE-2017-5839 https:/ • CWE-674: Uncontrolled Recursion •
CVE-2017-5840 – gstreamer-plugins-good: Out of bounds heap read in qtdemux_parse_samples
https://notcve.org/view.php?id=CVE-2017-5840
The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index. La función qtdemux_parse_samples en gst/isomp4/qtdemux.c en gst-plugins-good en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria dinámica fuera de límites) a través de vectores que implican el índice stts actual. • http://www.debian.org/security/2017/dsa-3820 http://www.openwall.com/lists/oss-security/2017/02/01/7 http://www.openwall.com/lists/oss-security/2017/02/02/9 http://www.securityfocus.com/bid/96001 https://access.redhat.com/errata/RHSA-2017:2060 https://bugzilla.gnome.org/show_bug.cgi?id=777469 https://gstreamer.freedesktop.org/releases/1.10/#1.10.3 https://lists.debian.org/debian-lts-announce/2020/05/msg00029.html https://security.gentoo.org/glsa/201705- • CWE-125: Out-of-bounds Read •