Use-After-Free Vulnerabilities in GStreamer Affecting Remote Execution
CVE-2017-5843

7.5HIGH

Key Information:

Vendor

Gstreamer Project

Status
Gstreamer
Vendor
CVE Published:
9 February 2017

What is CVE-2017-5843?

Multiple use-after-free vulnerabilities exist within the GStreamer library, particularly in functions such as gst_mini_object_unref, gst_tag_list_unref, and gst_mxf_demux_update_essence_tracks. These vulnerabilities could be exploited by remote attackers to cause a denial of service through crafted media files, affecting the stability of GStreamer versions prior to 1.10.3. Attack vectors may involve manipulating stream tags, leading to application crashes.

References

http://www.debian.org/security/2017/dsa-3818
vendor-advisoryx_refsource_DEBIAN
https://bugzilla.gnome.org/show_bug.cgi?id=777503
x_refsource_CONFIRM
http://www.securityfocus.com/bid/96001
vdb-entryx_refsource_BID

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.