CVE-2017-5844 – gstreamer-plugins-base: Floating point exception in gst_riff_create_audio_caps
https://notcve.org/view.php?id=CVE-2017-5844
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file. La función gst_riff_create_audio_caps en gst-libs/gst/riff/riff-media.c en gst-plugins-base en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (excepción de punto flotante y caída) a través de un archivo ASF manipulado. • http://www.debian.org/security/2017/dsa-3819 http://www.openwall.com/lists/oss-security/2017/02/01/7 http://www.openwall.com/lists/oss-security/2017/02/02/9 http://www.securityfocus.com/bid/96001 https://access.redhat.com/errata/RHSA-2017:2060 https://bugzilla.gnome.org/show_bug.cgi?id=777525 https://gstreamer.freedesktop.org/releases/1.10/#1.10.3 https://lists.debian.org/debian-lts-announce/2020/02/msg00032.html https://security.gentoo.org/glsa/201705- • CWE-369: Divide By Zero •
CVE-2017-5848 – gstreamer-plugins-bad-free: Invalid memory read in gst_ps_demux_parse_psm
https://notcve.org/view.php?id=CVE-2017-5848
The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing. La función gst_ps_demux_parse_psm en gst/mpegdemux/gstmpegdemux.c en gst-plugins-bad en GStreamer permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no válida y caída) a través de vectores que implican análisis PSM. • http://www.debian.org/security/2017/dsa-3818 http://www.openwall.com/lists/oss-security/2017/02/01/7 http://www.openwall.com/lists/oss-security/2017/02/02/9 http://www.securityfocus.com/bid/96001 https://access.redhat.com/errata/RHSA-2017:2060 https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3 https://lists.debian.org/debian-lts-announce/2020/03/msg00038.html https://security.gentoo.org/glsa/201705-10 https://access.redhat.com/security/cve/CVE-2017-5848 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVE-2017-5839 – gstreamer-plugins-base: Stack overflow in gst_riff_create_audio_caps
https://notcve.org/view.php?id=CVE-2017-5839
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX. La función gst_riff_create_audio_caps en gst-libs/gst/riff/riff-media.c en gst-plugins-base en GStreamer en versiones anteriores a 1.10.3 no limita adecuadamente la recursión, lo que permite a atacantes remotos provocar una denegación de servicio (desbordamiento de pila y caída) a través de vectores que implican WAVEFORMATEX anidado. • http://www.debian.org/security/2017/dsa-3819 http://www.openwall.com/lists/oss-security/2017/02/01/7 http://www.openwall.com/lists/oss-security/2017/02/02/9 http://www.securityfocus.com/bid/96001 https://access.redhat.com/errata/RHSA-2017:2060 https://bugzilla.gnome.org/show_bug.cgi?id=777265 https://gstreamer.freedesktop.org/releases/1.10/#1.10.3 https://security.gentoo.org/glsa/201705-10 https://access.redhat.com/security/cve/CVE-2017-5839 https:/ • CWE-674: Uncontrolled Recursion •
CVE-2016-10198 – gstreamer-plugins-good: Invalid memory read in gst_aac_parse_sink_setcaps
https://notcve.org/view.php?id=CVE-2016-10198
The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file. La función gst_aac_parse_sink_setcaps en gst/audioparsers/gstaacparse.c en gst-plugins-good en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no válida y caída) a través de un archivo de audio manipulado. • http://www.debian.org/security/2017/dsa-3820 http://www.openwall.com/lists/oss-security/2017/02/01/7 http://www.openwall.com/lists/oss-security/2017/02/02/9 http://www.securityfocus.com/bid/96001 https://access.redhat.com/errata/RHSA-2017:2060 https://bugzilla.gnome.org/show_bug.cgi?id=775450 https://gstreamer.freedesktop.org/releases/1.10/#1.10.3 https://lists.debian.org/debian-lts-announce/2020/05/msg00029.html https://security.gentoo.org/glsa/201705- • CWE-125: Out-of-bounds Read •
CVE-2017-5846
https://notcve.org/view.php?id=CVE-2017-5846
The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file. La función gst_asf_demux_process_ext_stream_props en gst/asfdemux/gstasfdemux.c en gst-plugins-ugly en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no válida y caída) a través de vectores relacionados con el número de idiomas en un archivo de vídeo. • http://www.debian.org/security/2017/dsa-3821 http://www.openwall.com/lists/oss-security/2017/02/01/7 http://www.openwall.com/lists/oss-security/2017/02/02/9 http://www.securityfocus.com/bid/96001 https://bugzilla.gnome.org/show_bug.cgi?id=777937 https://gstreamer.freedesktop.org/releases/1.10/#1.10.3 https://lists.debian.org/debian-lts-announce/2020/05/msg00030.html https://security.gentoo.org/glsa/201705-10 • CWE-125: Out-of-bounds Read •