Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Gstreamer
(Gstreamer_project)| Repositories | https://github.com/GStreamer/gst-plugins-ugly |
| #Vulnerabilities | 30 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-02-09 | CVE-2017-5843 | Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf. | Gstreamer | 7.5 | ||
| 2017-02-09 | CVE-2017-5842 | The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi. | Gstreamer | 5.5 | ||
| 2017-02-09 | CVE-2017-5841 | The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags. | Gstreamer | 7.5 | ||
| 2017-02-09 | CVE-2017-5838 | The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string. | Gstreamer | 7.5 | ||
| 2017-02-09 | CVE-2016-10199 | The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value. | Gstreamer | 7.5 |