Denial of Service Vulnerability in GStreamer by GStreamer Developers
CVE-2017-5846

5.5MEDIUM

Key Information:

Vendor

Gstreamer Project

Status
Gstreamer
Vendor
CVE Published:
9 February 2017

What is CVE-2017-5846?

The function gst_asf_demux_process_ext_stream_props in the gst-plugins-ugly package of GStreamer prior to version 1.10.3 is susceptible to a denial of service vulnerability. This flaw can be exploited by remote attackers through specially crafted video files containing excessive language tracks, potentially leading to an invalid memory read and subsequent application crash, significantly disrupting service availability.

References

http://www.securityfocus.com/bid/96001
vdb-entryx_refsource_BID
https://bugzilla.gnome.org/show_bug.cgi?id=777937
x_refsource_CONFIRM
http://www.debian.org/security/2017/dsa-3821
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.