Vulnerabilities > Gstreamer Project > Gstreamer > 0.10.31
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-09 | CVE-2017-5847 | Out-of-bounds Read vulnerability in multiple products The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors. | 7.5 |
| 2017-02-09 | CVE-2017-5846 | Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file. | 5.5 |
| 2017-02-09 | CVE-2017-5845 | Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag. | 7.5 |
| 2017-02-09 | CVE-2017-5844 | Divide By Zero vulnerability in Gstreamer Project Gstreamer The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file. | 5.5 |
| 2017-02-09 | CVE-2017-5843 | Use After Free vulnerability in Gstreamer Project Gstreamer Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf. | 7.5 |
| 2017-02-09 | CVE-2017-5842 | Out-of-bounds Write vulnerability in Gstreamer Project Gstreamer The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi. | 5.5 |
| 2017-02-09 | CVE-2017-5841 | Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags. | 7.5 |
| 2017-02-09 | CVE-2017-5840 | Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index. | 7.5 |
| 2017-02-09 | CVE-2017-5839 | Uncontrolled Recursion vulnerability in Gstreamer Project Gstreamer The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX. | 7.5 |
| 2017-02-09 | CVE-2017-5838 | Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string. | 7.5 |