Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Gstreamer Project Subscribe
Total 31 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-9445 1 Gstreamer Project 1 Gstreamer 2020-02-24 5.0 MEDIUM 7.5 HIGH
Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.
CVE-2017-5839 1 Gstreamer Project 1 Gstreamer 2019-10-02 5.0 MEDIUM 7.5 HIGH
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX.
CVE-2017-5844 1 Gstreamer Project 1 Gstreamer 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file.
CVE-2017-5837 1 Gstreamer Project 1 Gstreamer 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file.
CVE-2017-5843 1 Gstreamer Project 1 Gstreamer 2018-01-04 5.0 MEDIUM 7.5 HIGH
Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf.
CVE-2017-5838 1 Gstreamer Project 1 Gstreamer 2018-01-04 5.0 MEDIUM 7.5 HIGH
The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string.
CVE-2017-5845 1 Gstreamer Project 1 Gstreamer 2018-01-04 5.0 MEDIUM 7.5 HIGH
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag.
CVE-2017-5842 1 Gstreamer Project 1 Gstreamer 2018-01-04 4.3 MEDIUM 5.5 MEDIUM
The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi.
CVE-2017-5841 1 Gstreamer Project 1 Gstreamer 2018-01-04 5.0 MEDIUM 7.5 HIGH
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags.
CVE-2016-9447 1 Gstreamer Project 1 Gstreamer 2018-01-04 6.8 MEDIUM 7.8 HIGH
The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.
CVE-2016-10199 1 Gstreamer Project 1 Gstreamer 2018-01-04 5.0 MEDIUM 7.5 HIGH
The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value.