CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2017-5839 – gstreamer-plugins-base: Stack overflow in gst_riff_create_audio_caps
https://notcve.org/view.php?id=CVE-2017-5839
09 Feb 2017 — The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX. La función gst_riff_create_audio_caps en gst-libs/gst/riff/riff-media.c en gst-plugins-base en GStreamer en versiones anteriores a 1.10.3 no limita adecuadamente la recursión, lo que permite a atacantes remotos provocar una den... • http://www.debian.org/security/2017/dsa-3819 • CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-10199 – gstreamer-plugins-good: Out of bounds read in qtdemux_tag_add_str_full
https://notcve.org/view.php?id=CVE-2016-10199
09 Feb 2017 — The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value. La función qtdemux_tag_add_str_full en gst/isomp4/qtdemux.c en gst-plugins-good en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y caída) a través de un valor de etiqueta manipulado. GStreamer is a streaming... • http://www.debian.org/security/2017/dsa-3820 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-10198 – gstreamer-plugins-good: Invalid memory read in gst_aac_parse_sink_setcaps
https://notcve.org/view.php?id=CVE-2016-10198
09 Feb 2017 — The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file. La función gst_aac_parse_sink_setcaps en gst/audioparsers/gstaacparse.c en gst-plugins-good en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no válida y caída) a través de un archivo de audio manipul... • http://www.debian.org/security/2017/dsa-3820 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5838 – gstreamer: Out-of-bounds read in gst_date_time_new_from_iso8601_string()
https://notcve.org/view.php?id=CVE-2017-5838
09 Feb 2017 — The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string. La función gst_date_time_new_from_iso8601_string en gst/gstdatetime.c en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria dinámica fuera de límites) a través de una cadena datetime mal formada. GStreamer is a streaming medi... • http://www.debian.org/security/2017/dsa-3822 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5845 – gstreamer-plugins-good: Invalid memory read in gst_avi_demux_parse_ncdt
https://notcve.org/view.php?id=CVE-2017-5845
09 Feb 2017 — The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag. La función gst_avi_demux_parse_ncdt en gst/avi/gstavidemux.c en gst-plugins-good en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no válida y caída) a través de una sub etiqueta... • http://www.debian.org/security/2017/dsa-3820 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 2%CPEs: 15EXPL: 0CVE-2017-5848 – gstreamer-plugins-bad-free: Invalid memory read in gst_ps_demux_parse_psm
https://notcve.org/view.php?id=CVE-2017-5848
09 Feb 2017 — The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing. La función gst_ps_demux_parse_psm en gst/mpegdemux/gstmpegdemux.c en gst-plugins-bad en GStreamer permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no válida y caída) a través de vectores que implican análisis PSM. GStreamer is a streaming media framework ba... • http://www.debian.org/security/2017/dsa-3818 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5837 – gstreamer-plugins-base: Floating point exception in gst_riff_create_audio_caps
https://notcve.org/view.php?id=CVE-2017-5837
09 Feb 2017 — The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file. La función gst_riff_create_audio_caps en gst-libs/gst/riff/riff-media.c en gst-plugins-base en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (excepción en punto flotante y caída) a través de un archivo de vídeo man... • http://www.debian.org/security/2017/dsa-3819 • CWE-369: Divide By Zero •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5840 – gstreamer-plugins-good: Out of bounds heap read in qtdemux_parse_samples
https://notcve.org/view.php?id=CVE-2017-5840
09 Feb 2017 — The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index. La función qtdemux_parse_samples en gst/isomp4/qtdemux.c en gst-plugins-good en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria dinámica fuera de límites) a través de vectores que implican el índice stt... • http://www.debian.org/security/2017/dsa-3820 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5842 – gstreamer-plugins-base: Out-of-bounds heap read in html_context_handle_element
https://notcve.org/view.php?id=CVE-2017-5842
09 Feb 2017 — The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi. La función html_context_handle_element en gst/subparse/samiparse.c en gst-plugins-base en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (escritura fuera de límites) a través de un archivo SMI mani... • http://www.debian.org/security/2017/dsa-3819 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5844 – gstreamer-plugins-base: Floating point exception in gst_riff_create_audio_caps
https://notcve.org/view.php?id=CVE-2017-5844
09 Feb 2017 — The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file. La función gst_riff_create_audio_caps en gst-libs/gst/riff/riff-media.c en gst-plugins-base en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (excepción de punto flotante y caída) a través de un archivo ASF manipulado... • http://www.debian.org/security/2017/dsa-3819 • CWE-369: Divide By Zero •