Vulnerabilities > Gstreamer Project > Gstreamer > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-19 | CVE-2022-1924 | Integer Overflow or Wraparound vulnerability in multiple products DOS / potential heap overwrite in mkv demuxing using lzo decompression. | 7.8 |
| 2022-07-19 | CVE-2022-1925 | Integer Overflow or Wraparound vulnerability in multiple products DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. | 7.8 |
| 2022-07-19 | CVE-2022-2122 | Integer Overflow or Wraparound vulnerability in multiple products DOS / potential heap overwrite in qtdemux using zlib decompression. | 7.8 |
| 2021-04-19 | CVE-2021-3498 | Out-of-bounds Write vulnerability in multiple products GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files. | 7.8 |
| 2021-04-19 | CVE-2021-3497 | Use After Free vulnerability in multiple products GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. | 7.8 |
| 2019-04-24 | CVE-2019-9928 | Out-of-bounds Write vulnerability in multiple products GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution. | 8.8 |
| 2017-02-09 | CVE-2017-5848 | Out-of-bounds Read vulnerability in multiple products The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing. | 7.5 |
| 2017-02-09 | CVE-2017-5847 | Out-of-bounds Read vulnerability in multiple products The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors. | 7.5 |
| 2017-02-09 | CVE-2017-5845 | Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag. | 7.5 |
| 2017-02-09 | CVE-2017-5843 | Use After Free vulnerability in Gstreamer Project Gstreamer Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf. | 7.5 |