Hanno Bã¶Ck

**Name of the Vulnerable Software and Affected Versions** GStreamer gst-plugins-ugly (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors. This is due to a problem in the `gst asf demux process ext content desc` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GStreamer gst-plugins-bad (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service, resulting in an invalid memory read and crash. This is achieved through vectors involving PSM parsing, specifically targeting the gst ps demux parse psm function in gst/mpegdemux/gstmpegdemux.c. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GStreamer versions prior to 1.10.3 **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash due to a floating point exception, by providing a crafted video file. This is related to the `gst riff create audio caps` function in `gst-libs/gst/riff/riff-media.c` in `gst-plugins-base`. **Recommendations** For versions prior to 1.10.3, update to version 1.10.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GStreamer versions prior to 1.10.3 **Description** The issue allows remote attackers to cause a denial of service, specifically an out-of-bounds heap read, by providing a malformed datetime string to the `gst date time new from iso8601 string` function in `gst/gstdatetime.c`. **Recommendations** For versions prior to 1.10.3, update to version 1.10.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GStreamer versions prior to 1.10.3 **Description** The issue is related to the gst riff create audio caps function in gst-libs/gst/riff/riff-media.c, which does not properly limit recursion. This allows remote attackers to cause a denial of service, resulting in a stack overflow and crash, via vectors involving nested WAVEFORMATEX. **Recommendations** For versions prior to 1.10.3, update to version 1.10.3 or later to resolve the issue. As a temporary workaround, consider restricting access to nested WAVEFORMATEX structures to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GStreamer versions prior to 1.10.3 **Description** The issue allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file. This is demonstrated by the OneNote Manager.smi file. **Recommendations** For versions prior to 1.10.3, update to version 1.10.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the html context handle element function in gst/subparse/samiparse.c until a patch is available. Avoid using crafted SMI files with the affected GStreamer versions.

**Name of the Vulnerable Software and Affected Versions** GStreamer versions prior to 1.10.3 **Description** The issue involves multiple use-after-free vulnerabilities in certain functions within GStreamer. These vulnerabilities can be exploited by remote attackers to cause a denial of service, specifically a crash, through vectors involving stream tags. This has been demonstrated with a specific file, 02785736.mxf, which highlights the potential for exploitation. **Recommendations** For versions prior to 1.10.3, update to version 1.10.3 or later to resolve the issue. As a temporary workaround, consider restricting access to streams that could potentially trigger the use-after-free vulnerabilities in the gst mini object unref, gst tag list unref, and gst mxf demux update essence tracks functions until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** GStreamer versions prior to 1.10.3 **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash due to a floating point exception, by providing a crafted ASF file. This is related to the `gst riff create audio caps` function in `gst-libs/gst/riff/riff-media.c` in `gst-plugins-base`. **Recommendations** For versions prior to 1.10.3, update to version 1.10.3 or later to resolve the issue. As a temporary workaround, consider restricting the processing of ASF files until the update is applied.

**Name of the Vulnerable Software and Affected Versions** GStreamer versions prior to 1.10.3 **Description** The issue allows remote attackers to cause a denial of service, resulting in an invalid memory read and crash. This is related to the number of languages in a video file, specifically involving the gst asf demux process ext stream props function in gst-plugins-ugly. **Recommendations** For versions prior to 1.10.3, update to version 1.10.3 or later to resolve the issue. As a temporary workaround, consider restricting the processing of video files with multiple languages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GStreamer versions prior to 1.10.3 **Description** The issue is related to the gst avi demux parse ncdt function in the gst-plugins-good plugin of the GStreamer multimedia framework. It allows remote attackers to cause a denial of service due to an invalid memory read and crash. This can be achieved by using a specially crafted ncdt sub-tag that exceeds the boundaries of the surrounding tag. **Recommendations** For versions prior to 1.10.3, update to version 1.10.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the gst avi demux parse ncdt function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GStreamer versions prior to 1.10.3 **Description** The issue is related to the gst avi demux parse ncdt function in the gst-plugins-good plugin of the GStreamer multimedia framework. It allows remote attackers to cause a denial of service due to an out-of-bounds heap read via vectors involving ncdt tags. **Recommendations** For versions prior to 1.10.3, update to version 1.10.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the gst avi demux parse ncdt function until a patch is available. Avoid using ncdt tags in affected operations until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions prior to 1.0.1o OpenSSL versions prior to 1.0.2c **Description** The issue is caused by a buffer overflow in the ASN.1 implementation, allowing remote attackers to execute arbitrary code or cause a denial of service via a crafted ANY field in serialized data. This can lead to memory corruption. The vulnerability is related to the misinterpretation of large universal tags as negative zero values in ANY structures. **Recommendations** For versions prior to 1.0.1o, update to version 1.0.1o or later. For versions prior to 1.0.2c, update to version 1.0.2c or later. As a temporary workaround, consider restricting the use of the `d2i ASN1 TYPE` function until a patch is available. Avoid deserializing untrusted ASN.1 structures containing an ANY field to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Serendipity (S9Y) versions prior to 1.3-beta1 **Description** A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML. This can be achieved via the `Real name` field in Personal Settings, which is then presented to readers of articles, or through a file upload, such as uploading .htm, .html, or .js files. **Recommendations** For versions prior to 1.3-beta1, update to version 1.3-beta1 or later to resolve the issue. As a temporary workaround, consider restricting access to the file upload feature and limiting the ability to modify the `Real name` field in Personal Settings to trusted users only. Avoid using the `Real name` field for any sensitive information until the issue is resolved.