Denial of Service Vulnerability in GStreamer by GStreamer Developers
CVE-2017-5839

7.5HIGH

Key Information:

Vendor

Gstreamer Project

Status
Gstreamer
Vendor
CVE Published:
9 February 2017

What is CVE-2017-5839?

The gst_riff_create_audio_caps function in the GStreamer library prior to version 1.10.3 contains a flaw related to recursion limits. This vulnerability allows attackers to exploit the system by sending specially crafted data that creates nested WAVEFORMATEX structures, resulting in a stack overflow and subsequent crash of the application. Such attacks can lead to a denial of service, interrupting user access and impacting system availability.

References

http://www.securityfocus.com/bid/96001
vdb-entryx_refsource_BID
http://www.debian.org/security/2017/dsa-3819
vendor-advisoryx_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2060
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.