CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44331
https://notcve.org/view.php?id=CVE-2024-44331
22 Oct 2024 — Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests. • https://gist.github.com/dqp10515/c6a8879bebe92d8c74f7c52667fd3400 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2024-4453 – GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-4453
17 May 2024 — GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before... • https://gitlab.freedesktop.org/tpm/gstreamer/-/commit/e68eccff103ab0e91e6d77a892f57131b33902f5 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.6EPSS: 1%CPEs: 19EXPL: 0CVE-2023-50186 – GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-50186
19 Apr 2024 — GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of metadata within AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data ... • https://gstreamer.freedesktop.org/security/sa-2023-0011.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-1924 – gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using lzo decompression
https://notcve.org/view.php?id=CVE-2022-1924
19 Jul 2022 — DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the... • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-1923 – gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using bz2 decompression
https://notcve.org/view.php?id=CVE-2022-1923
19 Jul 2022 — DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce t... • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-2122 – gstreamer-plugins-good: Potential heap overwrite in mp4 demuxing using zlib decompression
https://notcve.org/view.php?id=CVE-2022-2122
19 Jul 2022 — DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. DOS / potencial escritura excesiva de la pila en qtdemux usando descompresión zlib. Desbordamiento de enteros en un elemento de qtdemux en la función qtdemux_inflate que causa un segf... • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-1925 – gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using HEADERSTRIP decompression
https://notcve.org/view.php?id=CVE-2022-1925
19 Jul 2022 — DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks. DOS / potencial escritura excesiva de la pila en la demuxación de mkv usando la descompresión HEADERSTRIP. Desbordamiento de enteros en el elemento matroskaparse en la... • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-1922 – gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using zlib decompression
https://notcve.org/view.php?id=CVE-2022-1922
19 Jul 2022 — DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap t... • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-1920 – gstreamer-plugins-good: Potential heap overwrite in gst_matroska_demux_add_wvpk_header()
https://notcve.org/view.php?id=CVE-2022-1920
19 Jul 2022 — Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite. Desbordamiento de enteros en el elemento matroskademux en la función gst_matroska_demux_add_wvpk_header que permite una sobreescritura en el montón mientras se analizan los archivos matroska. Potencial para la ejecución de código arbitrario a través de la sobreescritura de la pila. A flaw was found ... • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1226 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-1921 – gstreamer-plugins-good: Heap-based buffer overflow in the avi demuxer when handling certain AVI files
https://notcve.org/view.php?id=CVE-2022-1921
19 Jul 2022 — Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite. Desbordamiento de enteros en el elemento avidemux en la función gst_avi_demux_invert que permite una escritura excesiva de la pila mientras se analizan archivos avi. Potencial para la ejecución de código arbitrario a través de la sobreescritura de la pila. A flaw was found in GStreamer. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1224 • CWE-190: Integer Overflow or Wraparound •