PT-2017-16704 · Gstreamer+5 · Gstreamer+5

Hanno Bã¶Ck

·

Published

2017-01-30

·

Updated

2019-10-03

·

CVE-2017-5839

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions GStreamer versions prior to 1.10.3
Description The issue is related to the gst riff create audio caps function in gst-libs/gst/riff/riff-media.c, which does not properly limit recursion. This allows remote attackers to cause a denial of service, resulting in a stack overflow and crash, via vectors involving nested WAVEFORMATEX.
Recommendations For versions prior to 1.10.3, update to version 1.10.3 or later to resolve the issue. As a temporary workaround, consider restricting access to nested WAVEFORMATEX structures to minimize the risk of exploitation.

Fix

DoS

Uncontrolled Recursion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-674

Related Identifiers

ALT-PU-2017-1106
CESA-2017_2060
CVE-2017-5839
DSA-3819-1
MGASA-2017-0320
RHSA-2017:2060
RHSA-2017_2060
SUSE-SU-2017:1039-1
SUSE-SU-2017:1041-1
USN-3244-1

Affected Products

Alt Linux
Centos
Gstreamer
Red Hat
Suse
Ubuntu