Vulnerabilities (CVE)

Filtered by vendor Gstreamer Subscribe
Total 15 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-9807 1 Gstreamer 1 Gstreamer 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.
CVE-2016-9811 4 Debian, Fedoraproject, Gstreamer and 1 more 9 Debian Linux, Fedora, Gstreamer and 6 more 2023-12-10 4.3 MEDIUM 4.7 MEDIUM
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.
CVE-2016-9634 3 Debian, Gstreamer, Redhat 6 Debian Linux, Gstreamer, Enterprise Linux Desktop and 3 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.
CVE-2016-9636 3 Debian, Gstreamer, Redhat 6 Debian Linux, Gstreamer, Enterprise Linux Desktop and 3 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.
CVE-2016-9813 1 Gstreamer 1 Gstreamer 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
CVE-2016-9635 3 Debian, Gstreamer, Redhat 6 Debian Linux, Gstreamer, Enterprise Linux Desktop and 3 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.
CVE-2016-9809 1 Gstreamer 1 Gstreamer 2023-12-10 6.8 MEDIUM 7.8 HIGH
Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.
CVE-2016-9808 1 Gstreamer 1 Gstreamer 2023-12-10 5.0 MEDIUM 7.5 HIGH
The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.
CVE-2016-9810 1 Gstreamer 1 Gstreamer 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call.
CVE-2016-9812 1 Gstreamer 1 Gstreamer 2023-12-10 5.0 MEDIUM 7.5 HIGH
The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section.
CVE-2009-0386 1 Gstreamer 1 Good Plug-ins 2023-12-10 9.3 HIGH N/A
Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers to execute arbitrary code via crafted Composition Time To Sample (ctts) atom data in a malformed QuickTime media .mov file.
CVE-2009-0398 1 Gstreamer 1 Plug-ins 2023-12-10 9.3 HIGH N/A
Array index error in the gst_qtp_trak_handler function in gst/qtdemux/qtdemux.c in GStreamer Plug-ins (aka gstreamer-plugins) 0.6.0 allows remote attackers to have an unknown impact via a crafted QuickTime media file.
CVE-2009-0387 1 Gstreamer 2 Good Plug-ins, Plug-ins 2023-12-10 9.3 HIGH N/A
Array index error in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted Sync Sample (aka stss) atom data in a malformed QuickTime media .mov file, related to "mark keyframes."
CVE-2009-1932 1 Gstreamer 1 Good Plug-ins 2023-12-10 6.8 MEDIUM N/A
Multiple integer overflows in the (1) user_info_callback, (2) user_endrow_callback, and (3) gst_pngdec_task functions (ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PNG file, which triggers a buffer overflow.
CVE-2009-0397 1 Gstreamer 2 Good Plug-ins, Plug-ins 2023-12-10 9.3 HIGH N/A
Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins) 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample (aka stts) atom data in a malformed QuickTime media .mov file.