Shodan
Vulnerabilities
Vulnerable Software
Gstreamer:  Security Vulnerabilities
CVE-2024-40897
Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments.
CVSS Score
6.7
EPSS Score
0.0
Published
2024-07-26
CVE-2016-9636
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.
CVSS Score
9.8
EPSS Score
0.166
Published
2017-01-27
CVE-2016-9634
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.
CVSS Score
9.8
EPSS Score
0.205
Published
2017-01-27
CVE-2016-9635
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.
CVSS Score
9.8
EPSS Score
0.205
Published
2017-01-27
CVE-2016-9808
The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.
CVSS Score
7.5
EPSS Score
0.072
Published
2017-01-13
CVE-2016-9809
Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.
CVSS Score
7.8
EPSS Score
0.005
Published
2017-01-13
CVE-2016-9810
The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call.
CVSS Score
5.5
EPSS Score
0.007
Published
2017-01-13
CVE-2016-9811
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.
CVSS Score
4.7
EPSS Score
0.005
Published
2017-01-13
CVE-2016-9812
The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section.
CVSS Score
7.5
EPSS Score
0.014
Published
2017-01-13
CVE-2016-9813
The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
CVSS Score
5.5
EPSS Score
0.054
Published
2017-01-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved