Vulnerabilities > Gstreamer Project

DATE CVE VULNERABILITY TITLE RISK
2017-02-09 CVE-2017-5841 Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags.
network
low complexity
gstreamer-project CWE-125
7.5
2017-02-09 CVE-2017-5840 Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer
The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index.
network
low complexity
gstreamer-project CWE-125
7.5
2017-02-09 CVE-2017-5839 Uncontrolled Recursion vulnerability in Gstreamer Project Gstreamer
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX.
network
low complexity
gstreamer-project CWE-674
7.5
2017-02-09 CVE-2017-5838 Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer
The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string.
network
low complexity
gstreamer-project CWE-125
7.5
2017-02-09 CVE-2017-5837 Divide By Zero vulnerability in Gstreamer Project Gstreamer
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file.
local
low complexity
gstreamer-project CWE-369
5.5
2017-02-09 CVE-2016-10199 Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer
The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value.
network
low complexity
gstreamer-project CWE-125
7.5
2017-02-09 CVE-2016-10198 Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer
The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.
local
low complexity
gstreamer-project CWE-125
5.5
2017-01-23 CVE-2016-9447 Out-of-bounds Write vulnerability in Gstreamer Project Gstreamer
The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.
local
low complexity
gstreamer-project CWE-787
7.8
2017-01-23 CVE-2016-9446 Improper Initialization vulnerability in multiple products
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.
7.5
2017-01-23 CVE-2016-9445 Integer Overflow or Wraparound vulnerability in Gstreamer Project Gstreamer 1.10.0
Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.
network
low complexity
gstreamer-project CWE-190
7.5