Denial of Service Vulnerability in GStreamer by GStreamer Project
CVE-2017-5840

7.5HIGH

Key Information:

Vendor

Gstreamer Project

Status
Gstreamer
Vendor
CVE Published:
9 February 2017

What is CVE-2017-5840?

The qtdemux_parse_samples function in the gst-plugins-good component of GStreamer prior to version 1.10.3 is susceptible to a denial of service attack. This vulnerability allows remote attackers to exploit an out-of-bounds heap read that occurs via specific vectors involving the current stts index. Successful exploitation can lead to application crashes and reduced service availability, impacting users and systems reliant on this multimedia framework.

References

http://www.securityfocus.com/bid/96001
vdb-entryx_refsource_BID
http://www.debian.org/security/2017/dsa-3820
vendor-advisoryx_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2060
vendor-advisoryx_refsource_REDHAT

EPSS Score

14% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.