CVSS: 8.8EPSS: 3%CPEs: 6EXPL: 0CVE-2019-9928
https://notcve.org/view.php?id=CVE-2019-9928
GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution. GStreamer anterior a la versión 1.16.0 presenta una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en el parser de conexión RTSP mediante una respuesta de servidor especialmente diseñada, lo que permite potencialmente la ejecución remota de código. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00082.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00049.html https://gstreamer.freedesktop.org/security https://gstreamer.freedesktop.org/security/sa-2019-0001.html https://lists.debian.org/debian-lts-announce/2019/04/msg00030.html https://lists.debian.org/debian-lts-announce/2019/04/msg00031.html https://seclists.org/bugtraq/2019/Apr& • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5838 – gstreamer: Out-of-bounds read in gst_date_time_new_from_iso8601_string()
https://notcve.org/view.php?id=CVE-2017-5838
The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string. La función gst_date_time_new_from_iso8601_string en gst/gstdatetime.c en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria dinámica fuera de límites) a través de una cadena datetime mal formada. • http://www.debian.org/security/2017/dsa-3822 http://www.openwall.com/lists/oss-security/2017/02/01/7 http://www.openwall.com/lists/oss-security/2017/02/02/9 http://www.securityfocus.com/bid/96001 https://access.redhat.com/errata/RHSA-2017:2060 https://bugzilla.gnome.org/show_bug.cgi?id=777263 https://gstreamer.freedesktop.org/releases/1.10/#1.10.3 https://security.gentoo.org/glsa/201705-10 https://access.redhat.com/security/cve/CVE-2017-5838 https:/ • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5842 – gstreamer-plugins-base: Out-of-bounds heap read in html_context_handle_element
https://notcve.org/view.php?id=CVE-2017-5842
The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi. La función html_context_handle_element en gst/subparse/samiparse.c en gst-plugins-base en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (escritura fuera de límites) a través de un archivo SMI manipulado, file, según lo demostrado por OneNote_Manager.smi. • http://www.debian.org/security/2017/dsa-3819 http://www.openwall.com/lists/oss-security/2017/02/01/7 http://www.openwall.com/lists/oss-security/2017/02/02/9 http://www.securityfocus.com/bid/96001 https://access.redhat.com/errata/RHSA-2017:2060 https://bugzilla.gnome.org/show_bug.cgi?id=777502 https://gstreamer.freedesktop.org/releases/1.10/#1.10.3 https://security.gentoo.org/glsa/201705-10 https://access.redhat.com/security/cve/CVE-2017-5842 https:/ • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-10199 – gstreamer-plugins-good: Out of bounds read in qtdemux_tag_add_str_full
https://notcve.org/view.php?id=CVE-2016-10199
The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value. La función qtdemux_tag_add_str_full en gst/isomp4/qtdemux.c en gst-plugins-good en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y caída) a través de un valor de etiqueta manipulado. • http://www.debian.org/security/2017/dsa-3820 http://www.openwall.com/lists/oss-security/2017/02/01/7 http://www.openwall.com/lists/oss-security/2017/02/02/9 http://www.securityfocus.com/bid/96001 https://access.redhat.com/errata/RHSA-2017:2060 https://bugzilla.gnome.org/show_bug.cgi?id=775451 https://gstreamer.freedesktop.org/releases/1.10/#1.10.3 https://security.gentoo.org/glsa/201705-10 https://access.redhat.com/security/cve/CVE-2016-10199 https:/ • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5840 – gstreamer-plugins-good: Out of bounds heap read in qtdemux_parse_samples
https://notcve.org/view.php?id=CVE-2017-5840
The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index. La función qtdemux_parse_samples en gst/isomp4/qtdemux.c en gst-plugins-good en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria dinámica fuera de límites) a través de vectores que implican el índice stts actual. • http://www.debian.org/security/2017/dsa-3820 http://www.openwall.com/lists/oss-security/2017/02/01/7 http://www.openwall.com/lists/oss-security/2017/02/02/9 http://www.securityfocus.com/bid/96001 https://access.redhat.com/errata/RHSA-2017:2060 https://bugzilla.gnome.org/show_bug.cgi?id=777469 https://gstreamer.freedesktop.org/releases/1.10/#1.10.3 https://lists.debian.org/debian-lts-announce/2020/05/msg00029.html https://security.gentoo.org/glsa/201705- • CWE-125: Out-of-bounds Read •