CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2016-9445 – gstreamer-plugins-bad-free: Integer overflow when allocating render buffer in VMnc decoder
https://notcve.org/view.php?id=CVE-2016-9445
21 Dec 2016 — Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow. Desbordamiento de entero en el decodificador vmnc en el gstreamer permite a atacantes remotos provocar una denegación de servicio (caída) a través de valores de anchura y altura grandes, lo que desencadena un desbordamiento de búfer. An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VM... • http://rhn.redhat.com/errata/RHSA-2016-2974.html • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 37EXPL: 0CVE-2016-9447 – gstreamer-plugins-bad-free: Memory corruption flaw in NSF decoder
https://notcve.org/view.php?id=CVE-2016-9447
21 Dec 2016 — The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file. Los mapeos ROM en el decodificador NSF en gstreamer 0.10.x permiten a atacantes remotos provocar una denegación de servicio (lectura o escritura fuera de límites) y posiblemente ejecutar código arbitrario a través de un archivo de música NSF manipulado. A memory corruption flaw was found in GStreamer's Nint... • http://rhn.redhat.com/errata/RHSA-2016-2974.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 40EXPL: 0CVE-2015-0797 – Mozilla: Buffer overflow parsing H.264 video with Linux Gstreamer (MFSA 2015-47)
https://notcve.org/view.php?id=CVE-2015-0797
16 Apr 2015 — GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file. GStreamer anterior a 1.4.5, utilizado en Mozilla Firefox anterior a 38.0, Firefox ESR 31.x anterior a 31.7, y Thunderbird anterior a 31.7 en Linux, permite a atacantes remotos causar una denegación de servi... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00017.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 3%CPEs: 2EXPL: 0CVE-2009-0586 – gstreamer-plugins-base: integer overflow in gst_vorbis_tag_add_coverart()
https://notcve.org/view.php?id=CVE-2009-0586
14 Mar 2009 — Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow. Un desbordamiento de enteros en la función gst_vorbis_tag_add_coverart (archivo gst-libs/gst/tag/gstvorbistag.c) en vorbistag en gst-plugins-base ... • http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9 • CWE-190: Integer Overflow or Wraparound •