Page 7 of 38 results (0.008 seconds)

CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 1

CVE-2016-9813 – GStreamer gst-plugins-bad Plugin - NULL Pointer Dereference

https://notcve.org/view.php?id=CVE-2016-9813

The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. La función _parse_pat en el intérprete mpegts en GStreamer en versiones anteriores a 1.10.2 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída) a través de un archivo manipulado. A NULL pointer dereference flaw was found in GStreamer's MPEG-TS parser. A remote attacker could use this flaw to cause an application using GStreamer to crash. GStreamer suffers from a null pointer dereference vulnerability in the gst-plugins-bad plugin. • https://www.exploit-db.com/exploits/42162 http://rhn.redhat.com/errata/RHSA-2017-0021.html http://www.debian.org/security/2017/dsa-3818 http://www.openwall.com/lists/oss-security/2016/12/01/2 http://www.openwall.com/lists/oss-security/2016/12/05/8 http://www.securityfocus.com/bid/95158 https://bugzilla.gnome.org/show_bug.cgi?id=775120 https://gstreamer.freedesktop.org/releases/1.10/#1.10.2 https://security.gentoo.org/glsa/201705-10 https://access • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0

CVE-2016-9807 – gstreamer-plugins-good: Invalid memory read in flx_decode_chunks

https://notcve.org/view.php?id=CVE-2016-9807

The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file. La función flx_decode_chunks en gst/flx/gstflxdec.c en GStreamer en versiones anteriores a 1.10.2 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no válida y caída) a través de un archivo FLIC manipulado. An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash. • http://rhn.redhat.com/errata/RHSA-2016-2975.html http://rhn.redhat.com/errata/RHSA-2017-0019.html http://rhn.redhat.com/errata/RHSA-2017-0020.html http://www.openwall.com/lists/oss-security/2016/12/01/2 http://www.openwall.com/lists/oss-security/2016/12/05/8 http://www.securityfocus.com/bid/95148 https://bugzilla.gnome.org/show_bug.cgi?id=774859 https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff https://gstreamer. • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1

CVE-2016-9808 – gstreamer-plugins-good: Heap buffer overflow in FLIC decoder

https://notcve.org/view.php?id=CVE-2016-9808

The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs. El decodificador FLIC en GStreamer en versiones anteriores a 1.10.2 permite a atacantes remotos provocar una denegación de servicio (escritura fuera de límites y caída) a través de una serie manipulada de saltar y contar pares. Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. • http://rhn.redhat.com/errata/RHSA-2016-2975.html http://rhn.redhat.com/errata/RHSA-2017-0019.html http://rhn.redhat.com/errata/RHSA-2017-0020.html http://www.openwall.com/lists/oss-security/2016/12/01/2 http://www.openwall.com/lists/oss-security/2016/12/05/8 http://www.securityfocus.com/bid/95446 https://gstreamer.freedesktop.org/releases/1.10/#1.10.2 https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-incorrect-fix-for-gstreamer.html https://security. • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 0

CVE-2016-9445 – gstreamer-plugins-bad-free: Integer overflow when allocating render buffer in VMnc decoder

https://notcve.org/view.php?id=CVE-2016-9445

Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow. Desbordamiento de entero en el decodificador vmnc en el gstreamer permite a atacantes remotos provocar una denegación de servicio (caída) a través de valores de anchura y altura grandes, lo que desencadena un desbordamiento de búfer. An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. • http://rhn.redhat.com/errata/RHSA-2016-2974.html http://rhn.redhat.com/errata/RHSA-2017-0018.html http://rhn.redhat.com/errata/RHSA-2017-0021.html http://www.openwall.com/lists/oss-security/2016/11/18/12 http://www.openwall.com/lists/oss-security/2016/11/18/13 http://www.securityfocus.com/bid/94421 https://bugzilla.gnome.org/show_bug.cgi?id=774533 https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/gst/vmnc/vmncdec.c?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe ht • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1

CVE-2016-9634 – gstreamer-plugins-good: Heap buffer overflow in FLIC decoder

https://notcve.org/view.php?id=CVE-2016-9634

Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter. Desbordamiento de búfer basado en memoria dinámica en la función flx_decode_delta_fli en gst/flx/gstflxdec.c en el decoder FLIC en GStreamer en versiones anteriores a 1.10.2 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través del parámetro start_line. Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. • http://rhn.redhat.com/errata/RHSA-2016-2975.html http://rhn.redhat.com/errata/RHSA-2017-0019.html http://rhn.redhat.com/errata/RHSA-2017-0020.html http://www.debian.org/security/2016/dsa-3723 http://www.debian.org/security/2016/dsa-3724 http://www.openwall.com/lists/oss-security/2016/11/24/2 http://www.securityfocus.com/bid/94499 https://bugzilla.gnome.org/show_bug.cgi?id=774834 https://gstreamer.freedesktop.org/releases/1.10/#1.10.2 https://scaryb • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •