CVE-2017-5839
gstreamer-plugins-base: Stack overflow in gst_riff_create_audio_caps
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX.
La función gst_riff_create_audio_caps en gst-libs/gst/riff/riff-media.c en gst-plugins-base en GStreamer en versiones anteriores a 1.10.3 no limita adecuadamente la recursión, lo que permite a atacantes remotos provocar una denegación de servicio (desbordamiento de pila y caída) a través de vectores que implican WAVEFORMATEX anidado.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-02-01 CVE Reserved
- 2017-02-09 CVE Published
- 2024-05-12 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-674: Uncontrolled Recursion
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2017/02/01/7 | Mailing List | |
http://www.openwall.com/lists/oss-security/2017/02/02/9 | Mailing List | |
http://www.securityfocus.com/bid/96001 | Third Party Advisory | |
https://bugzilla.gnome.org/show_bug.cgi?id=777265 | Issue Tracking |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.debian.org/security/2017/dsa-3819 | 2019-10-03 | |
https://access.redhat.com/errata/RHSA-2017:2060 | 2019-10-03 | |
https://gstreamer.freedesktop.org/releases/1.10/#1.10.3 | 2019-10-03 | |
https://security.gentoo.org/glsa/201705-10 | 2019-10-03 | |
https://access.redhat.com/security/cve/CVE-2017-5839 | 2017-08-01 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1419586 | 2017-08-01 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Gstreamer Project Search vendor "Gstreamer Project" | Gstreamer Search vendor "Gstreamer Project" for product "Gstreamer" | <= 1.10.2 Search vendor "Gstreamer Project" for product "Gstreamer" and version " <= 1.10.2" | - |
Affected
|