
CVE-2017-5840 – gstreamer-plugins-good: Out of bounds heap read in qtdemux_parse_samples
https://notcve.org/view.php?id=CVE-2017-5840
09 Feb 2017 — The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index. ... • http://www.debian.org/security/2017/dsa-3820 • CWE-125: Out-of-bounds Read •

CVE-2017-5842 – gstreamer-plugins-base: Out-of-bounds heap read in html_context_handle_element
https://notcve.org/view.php?id=CVE-2017-5842
09 Feb 2017 — The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi. ... • http://www.debian.org/security/2017/dsa-3819 • CWE-125: Out-of-bounds Read • CWE-787: Out-of-bounds Write •

CVE-2017-5843 – gstreamer-plugins-bad-free: Use after free in gst_mini_object_unref / gst_tag_list_unref / gst_mxf_demux_update_essence_tracks
https://notcve.org/view.php?id=CVE-2017-5843
09 Feb 2017 — Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf. ... • http://www.debian.org/security/2017/dsa-3818 • CWE-416: Use After Free •

CVE-2017-5844 – gstreamer-plugins-base: Floating point exception in gst_riff_create_audio_caps
https://notcve.org/view.php?id=CVE-2017-5844
09 Feb 2017 — The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file. ... • http://www.debian.org/security/2017/dsa-3819 • CWE-369: Divide By Zero •

CVE-2016-9446 – gstreamer-plugins-bad-free: Missing initialization of allocated heap memory leads to information leak
https://notcve.org/view.php?id=CVE-2016-9446
23 Jan 2017 — The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas. ... • http://www.openwall.com/lists/oss-security/2016/11/18/12 • CWE-456: Missing Initialization of a Variable • CWE-665: Improper Initialization •

CVE-2016-9810 – gstreamer: Invalid memory read in g_type_check_instance_is_fundamentally_a
https://notcve.org/view.php?id=CVE-2016-9810
13 Jan 2017 — The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call. ... • http://www.openwall.com/lists/oss-security/2016/12/01/2 • CWE-125: Out-of-bounds Read •

CVE-2016-9811 – gstreamer: Out of bounds heap read in windows_icon_typefind
https://notcve.org/view.php?id=CVE-2016-9811
13 Jan 2017 — The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. GStrea... • http://www.debian.org/security/2017/dsa-3819 • CWE-125: Out-of-bounds Read •

CVE-2016-9809 – gstreamer-plugins-bad-free: Off-by-one read in gst_h264_parse_set_caps
https://notcve.org/view.php?id=CVE-2016-9809
05 Jan 2017 — Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read. An out-of-bounds heap read flaw was found in GStreamer's H.264 parser. A... • http://rhn.redhat.com/errata/RHSA-2017-0018.html • CWE-125: Out-of-bounds Read • CWE-193: Off-by-one Error •

CVE-2016-9812 – gstreamer1-plugins-bad-free: Out-of-bounds read in gst_mpegts_section_new
https://notcve.org/view.php?id=CVE-2016-9812
05 Jan 2017 — The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section. An out-of-bounds heap read flaw was found in GStreamer's MPEG-TS decoder. A remote ... • http://rhn.redhat.com/errata/RHSA-2017-0021.html • CWE-125: Out-of-bounds Read •

CVE-2016-9813 – GStreamer gst-plugins-bad Plugin - NULL Pointer Dereference
https://notcve.org/view.php?id=CVE-2016-9813
05 Jan 2017 — The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. A NULL pointer dereference flaw was found in GStreamer's MPEG-TS parser. A remote attacker could use th... • https://packetstorm.news/files/id/142914 • CWE-476: NULL Pointer Dereference •