Denial of Service Vulnerability in GStreamer by GStreamer Team
CVE-2017-5845

7.5HIGH

Key Information:

Vendor

Gstreamer Project

Status
Gstreamer
Vendor
CVE Published:
9 February 2017

What is CVE-2017-5845?

A memory access vulnerability exists in the GStreamer framework, specifically in the gst_avi_demux_parse_ncdt function. This flaw can be exploited by remote attackers using a malformed ncdt sub-tag that incorrectly interacts with surrounding tags, leading to unexpected memory reads and potential application crashes. Users running versions prior to 1.10.3 are particularly at risk, as this defect can cause significant disruptions to streaming services.

References

http://www.securityfocus.com/bid/96001
vdb-entryx_refsource_BID
http://www.debian.org/security/2017/dsa-3820
vendor-advisoryx_refsource_DEBIAN
https://bugzilla.gnome.org/show_bug.cgi?id=777532
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.