PT-2017-16708 · Gstreamer+1 · Gstreamer+1

Hanno Bã¶Ck

·

Publicado

2017-01-30

·

Atualizado

2024-06-15

·

CVE-2017-5846

CVSS v3.1

5.5

Média

VetorAV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions GStreamer versions prior to 1.10.3
Description The issue allows remote attackers to cause a denial of service, resulting in an invalid memory read and crash. This is related to the number of languages in a video file, specifically involving the gst asf demux process ext stream props function in gst-plugins-ugly.
Recommendations For versions prior to 1.10.3, update to version 1.10.3 or later to resolve the issue. As a temporary workaround, consider restricting the processing of video files with multiple languages to minimize the risk of exploitation.

Correção

DoS

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALT-PU-2017-1106
CVE-2017-5846
DLA-2226-1
DLA-829-1
DSA-3821-1
MGASA-2018-0014
MGASA-2018-0015
OPENSUSE-SU-2024:10826-1

Produtos afetados

Alt Linux
Gstreamer