CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5846
https://notcve.org/view.php?id=CVE-2017-5846
The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file. La función gst_asf_demux_process_ext_stream_props en gst/asfdemux/gstasfdemux.c en gst-plugins-ugly en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no válida y caída) a través de vectores relacionados con el número de idiomas en un archivo de vídeo. • http://www.debian.org/security/2017/dsa-3821 http://www.openwall.com/lists/oss-security/2017/02/01/7 http://www.openwall.com/lists/oss-security/2017/02/02/9 http://www.securityfocus.com/bid/96001 https://bugzilla.gnome.org/show_bug.cgi?id=777937 https://gstreamer.freedesktop.org/releases/1.10/#1.10.3 https://lists.debian.org/debian-lts-announce/2020/05/msg00030.html https://security.gentoo.org/glsa/201705-10 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 0CVE-2017-5847
https://notcve.org/view.php?id=CVE-2017-5847
The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors. La función gst_asf_demux_process_ext_content_desc en gst/asfdemux/gstasfdemux.c en gst-plugins-ugly en GStreamer permite a atacantes remotos provocar una denegación de servicio (lectura de memoria dinámica fuera de límites) a través de vectores que implican descriptores de contenido extendidos. • http://www.debian.org/security/2017/dsa-3821 http://www.openwall.com/lists/oss-security/2017/02/01/7 http://www.openwall.com/lists/oss-security/2017/02/02/9 http://www.securityfocus.com/bid/96001 https://bugzilla.gnome.org/show_bug.cgi?id=777955#c3 https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37 https://lists.debian.org/debian-lts-announce/2020/05/msg00030.html https://security.gentoo.org/glsa/201705-10 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-10198 – gstreamer-plugins-good: Invalid memory read in gst_aac_parse_sink_setcaps
https://notcve.org/view.php?id=CVE-2016-10198
The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file. La función gst_aac_parse_sink_setcaps en gst/audioparsers/gstaacparse.c en gst-plugins-good en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no válida y caída) a través de un archivo de audio manipulado. • http://www.debian.org/security/2017/dsa-3820 http://www.openwall.com/lists/oss-security/2017/02/01/7 http://www.openwall.com/lists/oss-security/2017/02/02/9 http://www.securityfocus.com/bid/96001 https://access.redhat.com/errata/RHSA-2017:2060 https://bugzilla.gnome.org/show_bug.cgi?id=775450 https://gstreamer.freedesktop.org/releases/1.10/#1.10.3 https://lists.debian.org/debian-lts-announce/2020/05/msg00029.html https://security.gentoo.org/glsa/201705- • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-10199 – gstreamer-plugins-good: Out of bounds read in qtdemux_tag_add_str_full
https://notcve.org/view.php?id=CVE-2016-10199
The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value. La función qtdemux_tag_add_str_full en gst/isomp4/qtdemux.c en gst-plugins-good en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y caída) a través de un valor de etiqueta manipulado. • http://www.debian.org/security/2017/dsa-3820 http://www.openwall.com/lists/oss-security/2017/02/01/7 http://www.openwall.com/lists/oss-security/2017/02/02/9 http://www.securityfocus.com/bid/96001 https://access.redhat.com/errata/RHSA-2017:2060 https://bugzilla.gnome.org/show_bug.cgi?id=775451 https://gstreamer.freedesktop.org/releases/1.10/#1.10.3 https://security.gentoo.org/glsa/201705-10 https://access.redhat.com/security/cve/CVE-2016-10199 https:/ • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5837 – gstreamer-plugins-base: Floating point exception in gst_riff_create_audio_caps
https://notcve.org/view.php?id=CVE-2017-5837
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file. La función gst_riff_create_audio_caps en gst-libs/gst/riff/riff-media.c en gst-plugins-base en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (excepción en punto flotante y caída) a través de un archivo de vídeo manipulado. • http://www.debian.org/security/2017/dsa-3819 http://www.openwall.com/lists/oss-security/2017/02/01/7 http://www.openwall.com/lists/oss-security/2017/02/02/9 http://www.securityfocus.com/bid/96001 https://access.redhat.com/errata/RHSA-2017:2060 https://bugzilla.gnome.org/show_bug.cgi?id=777262 https://gstreamer.freedesktop.org/releases/1.10/#1.10.3 https://lists.debian.org/debian-lts-announce/2020/02/msg00032.html https://security.gentoo.org/glsa/201705- • CWE-369: Divide By Zero •