Out-of-Bounds Heap Read Vulnerability in GStreamer by GNOME
CVE-2017-5838

7.5HIGH

Key Information:

Vendor

Gstreamer Project

Status
Gstreamer
Vendor
CVE Published:
9 February 2017

What is CVE-2017-5838?

A vulnerability exists in the GStreamer library due to improper handling of malformed ISO8601 datetime strings in the gst_date_time_new_from_iso8601_string function. This flaw can lead to an out-of-bounds heap read, allowing remote attackers to potentially exploit this vulnerability and cause a denial of service. Users of GStreamer versions prior to 1.10.3 are at risk and are advised to upgrade to a patched version to mitigate the threat.

References

http://www.debian.org/security/2017/dsa-3822
vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/96001
vdb-entryx_refsource_BID
https://bugzilla.gnome.org/show_bug.cgi?id=777263
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.