Gstreamer : Security Vulnerabilities, CVEs, CVSS score >= 7
The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section.
Max CVSS
7.5
EPSS Score
2.54%
Published
2017-01-13
Updated
2018-01-05
Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.
Max CVSS
7.8
EPSS Score
0.71%
Published
2017-01-13
Updated
2018-01-05
The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.
Max CVSS
7.5
EPSS Score
1.33%
Published
2017-01-13
Updated
2018-01-05
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.
Max CVSS
9.8
EPSS Score
0.25%
Published
2017-01-27
Updated
2018-01-05
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.
Max CVSS
9.8
EPSS Score
0.25%
Published
2017-01-27
Updated
2018-01-05
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.
Max CVSS
9.8
EPSS Score
0.25%
Published
2017-01-27
Updated
2018-01-05
Array index error in the gst_qtp_trak_handler function in gst/qtdemux/qtdemux.c in GStreamer Plug-ins (aka gstreamer-plugins) 0.6.0 allows remote attackers to have an unknown impact via a crafted QuickTime media file.
Max CVSS
9.3
EPSS Score
1.31%
Published
2009-02-03
Updated
2017-09-29
Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins) 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample (aka stts) atom data in a malformed QuickTime media .mov file.
Max CVSS
9.3
EPSS Score
8.64%
Published
2009-02-03
Updated
2018-10-11
Array index error in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted Sync Sample (aka stss) atom data in a malformed QuickTime media .mov file, related to "mark keyframes."
Max CVSS
9.3
EPSS Score
43.68%
Published
2009-02-02
Updated
2018-10-11
Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers to execute arbitrary code via crafted Composition Time To Sample (ctts) atom data in a malformed QuickTime media .mov file.
Max CVSS
9.3
EPSS Score
13.39%
Published
2009-02-02
Updated
2018-10-11
10 vulnerabilities found