CVE-2017-5846
https://notcve.org/view.php?id=CVE-2017-5846
The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file. La función gst_asf_demux_process_ext_stream_props en gst/asfdemux/gstasfdemux.c en gst-plugins-ugly en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no válida y caída) a través de vectores relacionados con el número de idiomas en un archivo de vídeo. • http://www.debian.org/security/2017/dsa-3821 http://www.openwall.com/lists/oss-security/2017/02/01/7 http://www.openwall.com/lists/oss-security/2017/02/02/9 http://www.securityfocus.com/bid/96001 https://bugzilla.gnome.org/show_bug.cgi?id=777937 https://gstreamer.freedesktop.org/releases/1.10/#1.10.3 https://lists.debian.org/debian-lts-announce/2020/05/msg00030.html https://security.gentoo.org/glsa/201705-10 • CWE-125: Out-of-bounds Read •
CVE-2017-5847
https://notcve.org/view.php?id=CVE-2017-5847
The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors. La función gst_asf_demux_process_ext_content_desc en gst/asfdemux/gstasfdemux.c en gst-plugins-ugly en GStreamer permite a atacantes remotos provocar una denegación de servicio (lectura de memoria dinámica fuera de límites) a través de vectores que implican descriptores de contenido extendidos. • http://www.debian.org/security/2017/dsa-3821 http://www.openwall.com/lists/oss-security/2017/02/01/7 http://www.openwall.com/lists/oss-security/2017/02/02/9 http://www.securityfocus.com/bid/96001 https://bugzilla.gnome.org/show_bug.cgi?id=777955#c3 https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37 https://lists.debian.org/debian-lts-announce/2020/05/msg00030.html https://security.gentoo.org/glsa/201705-10 • CWE-125: Out-of-bounds Read •
CVE-2017-5848 – gstreamer-plugins-bad-free: Invalid memory read in gst_ps_demux_parse_psm
https://notcve.org/view.php?id=CVE-2017-5848
The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing. La función gst_ps_demux_parse_psm en gst/mpegdemux/gstmpegdemux.c en gst-plugins-bad en GStreamer permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no válida y caída) a través de vectores que implican análisis PSM. • http://www.debian.org/security/2017/dsa-3818 http://www.openwall.com/lists/oss-security/2017/02/01/7 http://www.openwall.com/lists/oss-security/2017/02/02/9 http://www.securityfocus.com/bid/96001 https://access.redhat.com/errata/RHSA-2017:2060 https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3 https://lists.debian.org/debian-lts-announce/2020/03/msg00038.html https://security.gentoo.org/glsa/201705-10 https://access.redhat.com/security/cve/CVE-2017-5848 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVE-2016-9446 – gstreamer-plugins-bad-free: Missing initialization of allocated heap memory leads to information leak
https://notcve.org/view.php?id=CVE-2016-9446
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas. El decodificador vmnc en el gstreamer no inicializa el lienzo de renderizado, lo que permite a permite a atacantes remotos obtener información sensible como se demuestra mediante la miniatura de una simple película vmnc de un frame que no dibuja el lienzo de renderizado asignado. • http://www.openwall.com/lists/oss-security/2016/11/18/12 http://www.openwall.com/lists/oss-security/2016/11/18/13 http://www.securityfocus.com/bid/94423 https://access.redhat.com/errata/RHSA-2017:2060 https://bugzilla.gnome.org/show_bug.cgi?id=774533 https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/gst/vmnc/vmncdec.c?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM7IXFGHV66KNWGWG6ZBDNKXD2UJL2VQ http • CWE-456: Missing Initialization of a Variable CWE-665: Improper Initialization •
CVE-2016-9810 – gstreamer: Invalid memory read in g_type_check_instance_is_fundamentally_a
https://notcve.org/view.php?id=CVE-2016-9810
The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call. La función gst_decode_chain_free_internal en el decodificador flxdex en gst-plugins-good en GStreamer en versiones anteriores a 1.10.2 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no válida y caída) a través de un archivo no válido, lo que desencadena una llamada unref incorrecta . • http://www.openwall.com/lists/oss-security/2016/12/01/2 http://www.openwall.com/lists/oss-security/2016/12/05/8 http://www.securityfocus.com/bid/95163 https://access.redhat.com/errata/RHSA-2017:2060 https://bugzilla.gnome.org/show_bug.cgi?id=774897 https://gstreamer.freedesktop.org/releases/1.10/#1.10.2 https://security.gentoo.org/glsa/201705-10 https://access.redhat.com/security/cve/CVE-2016-9810 https://bugzilla.redhat.com/show_bug.cgi?id=1401913 • CWE-125: Out-of-bounds Read •