Filtered by vendor Gstreamer Project
Subscribe
Total
31 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1921 | 2 Debian, Gstreamer Project | 2 Debian Linux, Gstreamer | 2023-12-10 | N/A | 7.8 HIGH |
Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite. | |||||
CVE-2022-1920 | 2 Debian, Gstreamer Project | 2 Debian Linux, Gstreamer | 2023-12-10 | N/A | 7.8 HIGH |
Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite. | |||||
CVE-2022-1924 | 2 Debian, Gstreamer Project | 2 Debian Linux, Gstreamer | 2023-12-10 | N/A | 7.8 HIGH |
DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite. | |||||
CVE-2022-1925 | 2 Debian, Gstreamer Project | 2 Debian Linux, Gstreamer | 2023-12-10 | N/A | 7.8 HIGH |
DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks. | |||||
CVE-2022-1922 | 2 Debian, Gstreamer Project | 2 Debian Linux, Gstreamer | 2023-12-10 | N/A | 7.8 HIGH |
DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite. | |||||
CVE-2022-1923 | 2 Debian, Gstreamer Project | 2 Debian Linux, Gstreamer | 2023-12-10 | N/A | 7.8 HIGH |
DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite. | |||||
CVE-2022-2122 | 2 Debian, Gstreamer Project | 2 Debian Linux, Gstreamer | 2023-12-10 | N/A | 7.8 HIGH |
DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. | |||||
CVE-2021-3498 | 3 Debian, Gstreamer Project, Redhat | 3 Debian Linux, Gstreamer, Enterprise Linux | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files. | |||||
CVE-2021-3497 | 3 Debian, Gstreamer Project, Redhat | 3 Debian Linux, Gstreamer, Enterprise Linux | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. | |||||
CVE-2021-3522 | 3 Gstreamer Project, Netapp, Oracle | 12 Gstreamer, Active Iq Unified Manager, E-series Santricity Os Controller and 9 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. | |||||
CVE-2020-6095 | 2 Gstreamer Project, Opensuse | 3 Gst-rtsp-server, Backports Sle, Leap | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. | |||||
CVE-2019-9928 | 3 Canonical, Debian, Gstreamer Project | 3 Ubuntu Linux, Debian Linux, Gstreamer | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution. | |||||
CVE-2016-9447 | 1 Gstreamer Project | 1 Gstreamer | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file. | |||||
CVE-2017-5838 | 1 Gstreamer Project | 1 Gstreamer | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string. | |||||
CVE-2017-5839 | 1 Gstreamer Project | 1 Gstreamer | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX. | |||||
CVE-2016-9446 | 3 Fedoraproject, Gstreamer Project, Redhat | 8 Fedora, Gstreamer, Enterprise Linux Desktop and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas. | |||||
CVE-2017-5842 | 1 Gstreamer Project | 1 Gstreamer | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi. | |||||
CVE-2017-5848 | 3 Debian, Gstreamer Project, Redhat | 8 Debian Linux, Gstreamer, Enterprise Linux Desktop and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing. | |||||
CVE-2017-5847 | 2 Debian, Gstreamer Project | 2 Debian Linux, Gstreamer | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors. | |||||
CVE-2016-9445 | 1 Gstreamer Project | 1 Gstreamer | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow. |