Denial of Service in GStreamer Audio Parsing by GStreamer
CVE-2016-10198

5.5MEDIUM

Key Information:

Vendor: Gstreamer Project
Status: Gstreamer
Vendor: CVE Published:; 9 February 2017

🔔 Create Gstreamer Project Vulnerability Alert

What is CVE-2016-10198?

The gst_aac_parse_sink_setcaps function in GStreamer’s gst-plugins-good module prior to version 1.10.3 is vulnerable to a Denial of Service attack. By crafting a malicious audio file, remote attackers can exploit this vulnerability to induce an invalid memory read, resulting in a crash of the application. This could severely disrupt services relying on GStreamer for audio processing.