CVE-2017-5843

Name of the Vulnerable Software and Affected Versions GStreamer versions prior to 1.10.3

Description The issue involves multiple use-after-free vulnerabilities in certain functions within GStreamer. These vulnerabilities can be exploited by remote attackers to cause a denial of service, specifically a crash, through vectors involving stream tags. This has been demonstrated with a specific file, 02785736.mxf, which highlights the potential for exploitation.

Recommendations For versions prior to 1.10.3, update to version 1.10.3 or later to resolve the issue. As a temporary workaround, consider restricting access to streams that could potentially trigger the use-after-free vulnerabilities in the gst mini object unref, gst tag list unref, and gst mxf demux update essence tracks functions until a patch is applied.