CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2021-3522 – Ubuntu Security Notice USN-4959-1
https://notcve.org/view.php?id=CVE-2021-3522
18 May 2021 — GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. GStreamer versiones anteriores a 1.18.4, puede llevar a cabo una lectura fuera de límites al manejar determinadas etiquetas ID3v2 Multiple vulnerabilities have been found in GStreamer and its plugins, the worst of which could result in arbitrary code execution. Versions less than 1.16.3 are affected. • https://bugzilla.redhat.com/show_bug.cgi?id=1954761 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-3498 – Gstreamer Matroska Demuxing Use-After-Free
https://notcve.org/view.php?id=CVE-2021-3498
19 Apr 2021 — GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files. GStreamer versiones anteriores a 1.18.4, podría causar daños en la pila al analizar determinados archivos Matroska malformado It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to cause access sensitive information or cause a crash. It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly ... • https://packetstorm.news/files/id/162952 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3497 – gstreamer-plugins-good: Use-after-free in matroska demuxing
https://notcve.org/view.php?id=CVE-2021-3497
19 Apr 2021 — GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. GStreamer versiones anteriores a 1.18.4, podría acceder a la memoria ya liberada en rutas de código de error al demultiplexar determinados archivos Matroska malformados It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to cause access sensitive information or cause a crash. It was discovered that GStreamer Good ... • https://bugzilla.redhat.com/show_bug.cgi?id=1945339 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 4%CPEs: 6EXPL: 0CVE-2019-9928 – Gentoo Linux Security Advisory 202003-33
https://notcve.org/view.php?id=CVE-2019-9928
24 Apr 2019 — GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution. GStreamer anterior a la versión 1.16.0 presenta una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en el parser de conexión RTSP mediante una respuesta de servidor especialmente diseñada, lo que permite potencialmente la ejecución remota de código. It was discovered that GStreamer Base Plugins did not correctly h... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00078.html • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2017-5839 – gstreamer-plugins-base: Stack overflow in gst_riff_create_audio_caps
https://notcve.org/view.php?id=CVE-2017-5839
09 Feb 2017 — The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX. La función gst_riff_create_audio_caps en gst-libs/gst/riff/riff-media.c en gst-plugins-base en GStreamer en versiones anteriores a 1.10.3 no limita adecuadamente la recursión, lo que permite a atacantes remotos provocar una den... • http://www.debian.org/security/2017/dsa-3819 • CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2017-5841 – gstreamer-plugins-good: Heap out-of-bounds read in gst_avi_demux_parse_ncdt
https://notcve.org/view.php?id=CVE-2017-5841
09 Feb 2017 — The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags. La función gst_avi_demux_parse_ncdt en gst/avi/gstavidemux.c en gst-plugins-good en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria dinámica fuera de límites) a través de vectores que implican etiquetas ncdt. GS... • http://www.debian.org/security/2017/dsa-3820 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2017-5845 – gstreamer-plugins-good: Invalid memory read in gst_avi_demux_parse_ncdt
https://notcve.org/view.php?id=CVE-2017-5845
09 Feb 2017 — The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag. La función gst_avi_demux_parse_ncdt en gst/avi/gstavidemux.c en gst-plugins-good en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no válida y caída) a través de una sub etiqueta... • http://www.debian.org/security/2017/dsa-3820 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5846 – Gentoo Linux Security Advisory 201705-10
https://notcve.org/view.php?id=CVE-2017-5846
09 Feb 2017 — The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file. La función gst_asf_demux_process_ext_stream_props en gst/asfdemux/gstasfdemux.c en gst-plugins-ugly en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no v... • http://www.debian.org/security/2017/dsa-3821 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 0CVE-2017-5847 – Gentoo Linux Security Advisory 201705-10
https://notcve.org/view.php?id=CVE-2017-5847
09 Feb 2017 — The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors. La función gst_asf_demux_process_ext_content_desc en gst/asfdemux/gstasfdemux.c en gst-plugins-ugly en GStreamer permite a atacantes remotos provocar una denegación de servicio (lectura de memoria dinámica fuera de límites) a través de vectores que implican descript... • http://www.debian.org/security/2017/dsa-3821 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 5%CPEs: 15EXPL: 0CVE-2017-5848 – gstreamer-plugins-bad-free: Invalid memory read in gst_ps_demux_parse_psm
https://notcve.org/view.php?id=CVE-2017-5848
09 Feb 2017 — The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing. La función gst_ps_demux_parse_psm en gst/mpegdemux/gstmpegdemux.c en gst-plugins-bad en GStreamer permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no válida y caída) a través de vectores que implican análisis PSM. GStreamer is a streaming media framework ba... • http://www.debian.org/security/2017/dsa-3818 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •