Vulnerabilities (CVE)

Filtered by vendor Gstreamer Project Subscribe
Total 31 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-1921 2 Debian, Gstreamer Project 2 Debian Linux, Gstreamer 2023-12-10 N/A 7.8 HIGH
Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite.
CVE-2022-1920 2 Debian, Gstreamer Project 2 Debian Linux, Gstreamer 2023-12-10 N/A 7.8 HIGH
Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite.
CVE-2022-1924 2 Debian, Gstreamer Project 2 Debian Linux, Gstreamer 2023-12-10 N/A 7.8 HIGH
DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.
CVE-2022-1925 2 Debian, Gstreamer Project 2 Debian Linux, Gstreamer 2023-12-10 N/A 7.8 HIGH
DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks.
CVE-2022-1922 2 Debian, Gstreamer Project 2 Debian Linux, Gstreamer 2023-12-10 N/A 7.8 HIGH
DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.
CVE-2022-1923 2 Debian, Gstreamer Project 2 Debian Linux, Gstreamer 2023-12-10 N/A 7.8 HIGH
DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.
CVE-2022-2122 2 Debian, Gstreamer Project 2 Debian Linux, Gstreamer 2023-12-10 N/A 7.8 HIGH
DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite.
CVE-2021-3498 3 Debian, Gstreamer Project, Redhat 3 Debian Linux, Gstreamer, Enterprise Linux 2023-12-10 6.8 MEDIUM 7.8 HIGH
GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.
CVE-2021-3497 3 Debian, Gstreamer Project, Redhat 3 Debian Linux, Gstreamer, Enterprise Linux 2023-12-10 6.8 MEDIUM 7.8 HIGH
GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.
CVE-2021-3522 3 Gstreamer Project, Netapp, Oracle 12 Gstreamer, Active Iq Unified Manager, E-series Santricity Os Controller and 9 more 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.
CVE-2020-6095 2 Gstreamer Project, Opensuse 3 Gst-rtsp-server, Backports Sle, Leap 2023-12-10 5.0 MEDIUM 7.5 HIGH
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2019-9928 3 Canonical, Debian, Gstreamer Project 3 Ubuntu Linux, Debian Linux, Gstreamer 2023-12-10 6.8 MEDIUM 8.8 HIGH
GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.
CVE-2016-9447 1 Gstreamer Project 1 Gstreamer 2023-12-10 6.8 MEDIUM 7.8 HIGH
The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.
CVE-2017-5838 1 Gstreamer Project 1 Gstreamer 2023-12-10 5.0 MEDIUM 7.5 HIGH
The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string.
CVE-2017-5839 1 Gstreamer Project 1 Gstreamer 2023-12-10 5.0 MEDIUM 7.5 HIGH
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX.
CVE-2016-9446 3 Fedoraproject, Gstreamer Project, Redhat 8 Fedora, Gstreamer, Enterprise Linux Desktop and 5 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.
CVE-2017-5842 1 Gstreamer Project 1 Gstreamer 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi.
CVE-2017-5848 3 Debian, Gstreamer Project, Redhat 8 Debian Linux, Gstreamer, Enterprise Linux Desktop and 5 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing.
CVE-2017-5847 2 Debian, Gstreamer Project 2 Debian Linux, Gstreamer 2023-12-10 5.0 MEDIUM 7.5 HIGH
The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors.
CVE-2016-9445 1 Gstreamer Project 1 Gstreamer 2023-12-10 5.0 MEDIUM 7.5 HIGH
Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.