Gstreamer Project: >> Gstreamer >> 0.10.7 Security Vulnerabilities
DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-07-19
GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-06-02
GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.
CVSS Score
7.8
EPSS Score
0.002
Published
2021-04-19
GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.
CVSS Score
8.8
EPSS Score
0.085
Published
2019-04-24
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file.
CVSS Score
5.5
EPSS Score
0.008
Published
2017-02-09
The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string.
CVSS Score
7.5
EPSS Score
0.028
Published
2017-02-09
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX.
CVSS Score
7.5
EPSS Score
0.024
Published
2017-02-09
The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index.
CVSS Score
7.5
EPSS Score
0.141
Published
2017-02-09
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags.
CVSS Score
7.5
EPSS Score
0.025
Published
2017-02-09
The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi.
CVSS Score
5.5
EPSS Score
0.008
Published
2017-02-09