Gstreamer Project: >> Gstreamer >> 1.10.0 Security Vulnerabilities
The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value.
CVSS Score
7.5
EPSS Score
0.052
Published
2017-02-09
Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.
CVSS Score
7.5
EPSS Score
0.024
Published
2017-01-23
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.
CVSS Score
7.5
EPSS Score
0.013
Published
2017-01-23
Page 8