cpe:2.3:a:gstreamer_project:gstreamer:0.10.14:*:*:*:*:*:*:*
DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite.
Max CVSS
7.8
EPSS Score
0.07%
Published
2022-07-19
Updated
2022-10-07
Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite.
Max CVSS
7.8
EPSS Score
0.08%
Published
2022-07-19
Updated
2022-10-07
GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.
Max CVSS
8.8
EPSS Score
2.16%
Published
2019-04-24
Updated
2020-08-24
Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf.
Max CVSS
7.5
EPSS Score
1.90%
Published
2017-02-09
Updated
2018-01-05
The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi.
Max CVSS
5.5
EPSS Score
1.03%
Published
2017-02-09
Updated
2018-01-05
The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.
Max CVSS
7.8
EPSS Score
1.56%
Published
2017-01-23
Updated
2018-01-05
6 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!