Vulnerabilities > Gstreamer Project

DATE CVE VULNERABILITY TITLE RISK
2021-04-19 CVE-2021-3497 Use After Free vulnerability in multiple products
GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.
local
low complexity
gstreamer-project redhat debian CWE-416
7.8
2020-03-27 CVE-2020-6095 NULL Pointer Dereference vulnerability in multiple products
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5.
network
low complexity
gstreamer-project opensuse CWE-476
5.0
2019-04-24 CVE-2019-9928 Out-of-bounds Write vulnerability in multiple products
GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.
6.8
2017-02-09 CVE-2017-5848 Out-of-bounds Read vulnerability in multiple products
The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing.
network
low complexity
gstreamer-project debian redhat CWE-125
5.0
2017-02-09 CVE-2017-5847 Out-of-bounds Read vulnerability in multiple products
The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors.
network
low complexity
gstreamer-project debian CWE-125
5.0
2017-02-09 CVE-2017-5846 Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer
The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file.
4.3
2017-02-09 CVE-2017-5845 Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag.
network
low complexity
gstreamer-project CWE-125
5.0
2017-02-09 CVE-2017-5844 Divide By Zero vulnerability in Gstreamer Project Gstreamer
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file.
4.3
2017-02-09 CVE-2017-5843 Use After Free vulnerability in Gstreamer Project Gstreamer
Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf.
network
low complexity
gstreamer-project CWE-416
5.0
2017-02-09 CVE-2017-5842 Out-of-bounds Write vulnerability in Gstreamer Project Gstreamer
The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi.
4.3