Shodan
Vulnerabilities
Vulnerable Software
Gstreamer:  >> Gstreamer  >> 1.0.4  Security Vulnerabilities
CVE-2016-10199
The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value.
CVSS Score
7.5
EPSS Score
0.031
Published
2017-02-09
CVE-2016-9636
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.
CVSS Score
9.8
EPSS Score
0.166
Published
2017-01-27
CVE-2016-9634
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.
CVSS Score
9.8
EPSS Score
0.161
Published
2017-01-27
CVE-2016-9635
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.
CVSS Score
9.8
EPSS Score
0.161
Published
2017-01-27
CVE-2016-9446
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.
CVSS Score
7.5
EPSS Score
0.013
Published
2017-01-23
CVE-2016-9808
The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.
CVSS Score
7.5
EPSS Score
0.055
Published
2017-01-13
CVE-2016-9809
Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.
CVSS Score
7.8
EPSS Score
0.005
Published
2017-01-13
CVE-2016-9810
The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call.
CVSS Score
5.5
EPSS Score
0.007
Published
2017-01-13
CVE-2016-9811
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.
CVSS Score
4.7
EPSS Score
0.005
Published
2017-01-13
CVE-2016-9812
The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section.
CVSS Score
7.5
EPSS Score
0.014
Published
2017-01-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved