PT-2017-16705 · Gstreamer+5 · Gstreamer+5

Hanno Bã¶Ck

·

Published

2017-01-30

·

Updated

2024-06-15

·

CVE-2017-5842

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions GStreamer versions prior to 1.10.3
Description The issue allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file. This is demonstrated by the OneNote Manager.smi file.
Recommendations For versions prior to 1.10.3, update to version 1.10.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the html context handle element function in gst/subparse/samiparse.c until a patch is available. Avoid using crafted SMI files with the affected GStreamer versions.

Fix

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2017-1106
CESA-2017_2060
CVE-2017-5842
DSA-3819-1
MGASA-2017-0320
OPENSUSE-SU-2024:10826-1
RHSA-2017:2060
RHSA-2017_2060
SUSE-SU-2017:1039-1
SUSE-SU-2017:1041-1
USN-3244-1

Affected Products

Alt Linux
Centos
Gstreamer
Red Hat
Suse
Ubuntu