Page 6 of 38 results (0.410 seconds)

CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0

CVE-2016-9810 – gstreamer: Invalid memory read in g_type_check_instance_is_fundamentally_a

https://notcve.org/view.php?id=CVE-2016-9810

The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call. La función gst_decode_chain_free_internal en el decodificador flxdex en gst-plugins-good en GStreamer en versiones anteriores a 1.10.2 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no válida y caída) a través de un archivo no válido, lo que desencadena una llamada unref incorrecta . • http://www.openwall.com/lists/oss-security/2016/12/01/2 http://www.openwall.com/lists/oss-security/2016/12/05/8 http://www.securityfocus.com/bid/95163 https://access.redhat.com/errata/RHSA-2017:2060 https://bugzilla.gnome.org/show_bug.cgi?id=774897 https://gstreamer.freedesktop.org/releases/1.10/#1.10.2 https://security.gentoo.org/glsa/201705-10 https://access.redhat.com/security/cve/CVE-2016-9810 https://bugzilla.redhat.com/show_bug.cgi?id=1401913 • CWE-125: Out-of-bounds Read •

CVSS: 4.7EPSS: 1%CPEs: 16EXPL: 0

CVE-2016-9811 – gstreamer: Out of bounds heap read in windows_icon_typefind

https://notcve.org/view.php?id=CVE-2016-9811

The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. La función windows_icon_typefind en gst-plugins-base en GStreamer en versiones anteriores a 1.10.2, cuando G_SLICE esta configurado para malloc siempre, permite a atacantes remotos provocar una denegación de servicio (lectura fuera de los límites) a través de un archivo ico manipulado. • http://www.debian.org/security/2017/dsa-3819 http://www.openwall.com/lists/oss-security/2016/12/01/2 http://www.openwall.com/lists/oss-security/2016/12/05/8 http://www.securityfocus.com/bid/95161 https://access.redhat.com/errata/RHSA-2017:2060 https://bugzilla.gnome.org/show_bug.cgi?id=774902 https://gstreamer.freedesktop.org/releases/1.10/#1.10.2 https://lists.debian.org/debian-lts-announce/2020/02/msg00032.html https://lists.fedoraproject.org/archives/lis • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-9809 – gstreamer-plugins-bad-free: Off-by-one read in gst_h264_parse_set_caps

https://notcve.org/view.php?id=CVE-2016-9809

Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read. Error por un paso en la función gst_h264_parse_set_caps en GStreamer en versiones anteriores a 1.10.2 permite a atacantes remotos tener un impacto no especificado a través de un archivo manipulado, lo que desencadena una lectura fuera de límites. An out-of-bounds heap read flaw was found in GStreamer's H.264 parser. A remote attacker could use this flaw to cause an application using GStreamer to crash. • http://rhn.redhat.com/errata/RHSA-2017-0018.html http://rhn.redhat.com/errata/RHSA-2017-0021.html http://www.debian.org/security/2017/dsa-3818 http://www.openwall.com/lists/oss-security/2016/12/01/2 http://www.openwall.com/lists/oss-security/2016/12/05/8 http://www.securityfocus.com/bid/95147 https://bugzilla.gnome.org/show_bug.cgi?id=774896 https://gstreamer.freedesktop.org/releases/1.10/#1.10.2 https://lists.debian.org/debian-lts-announce/2020/03&# • CWE-125: Out-of-bounds Read CWE-193: Off-by-one Error •

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0

CVE-2016-9812 – gstreamer1-plugins-bad-free: Out-of-bounds read in gst_mpegts_section_new

https://notcve.org/view.php?id=CVE-2016-9812

The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section. La función gst_mpegts_section_new en el decodificador mpegts en GStreamer en versiones anteriores a 1.10.2 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de los límites) a través de una sección demasiado pequeña. An out-of-bounds heap read flaw was found in GStreamer's MPEG-TS decoder. A remote attacker could use this flaw to cause an application using GStreamer to crash. • http://rhn.redhat.com/errata/RHSA-2017-0021.html http://www.debian.org/security/2017/dsa-3818 http://www.openwall.com/lists/oss-security/2016/12/01/2 http://www.openwall.com/lists/oss-security/2016/12/05/8 http://www.securityfocus.com/bid/95160 https://bugzilla.gnome.org/show_bug.cgi?id=775048 https://gstreamer.freedesktop.org/releases/1.10/#1.10.2 https://security.gentoo.org/glsa/201705-10 https://access.redhat.com/security/cve/CVE-2016-9812 https:& • CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 1

CVE-2016-9813 – GStreamer gst-plugins-bad Plugin - NULL Pointer Dereference

https://notcve.org/view.php?id=CVE-2016-9813

The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. La función _parse_pat en el intérprete mpegts en GStreamer en versiones anteriores a 1.10.2 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída) a través de un archivo manipulado. A NULL pointer dereference flaw was found in GStreamer's MPEG-TS parser. A remote attacker could use this flaw to cause an application using GStreamer to crash. GStreamer suffers from a null pointer dereference vulnerability in the gst-plugins-bad plugin. • https://www.exploit-db.com/exploits/42162 http://rhn.redhat.com/errata/RHSA-2017-0021.html http://www.debian.org/security/2017/dsa-3818 http://www.openwall.com/lists/oss-security/2016/12/01/2 http://www.openwall.com/lists/oss-security/2016/12/05/8 http://www.securityfocus.com/bid/95158 https://bugzilla.gnome.org/show_bug.cgi?id=775120 https://gstreamer.freedesktop.org/releases/1.10/#1.10.2 https://security.gentoo.org/glsa/201705-10 https://access • CWE-476: NULL Pointer Dereference •