Denial of Service Vulnerability in GStreamer Plugin by GStreamer
CVE-2017-5847

7.5HIGH

Key Information:

Vendor

Gstreamer Project

Status
Gstreamer
Vendor
CVE Published:
9 February 2017

What is CVE-2017-5847?

A vulnerability exists in the gst_asf_demux_process_ext_content_desc function within the GStreamer gst-plugins-ugly package, specifically affecting version handling of extended content descriptors. This flaw allows remote attackers to exploit the vulnerability, potentially leading to a denial of service due to out-of-bounds heap read scenarios. Proper validation and handling in this function are crucial to mitigate such risks, emphasizing the need for timely updates and patches to ensure system integrity.

References

https://github.com/GStreamer/gst-plugins-ugly/commit/d210...
x_refsource_CONFIRM
https://bugzilla.gnome.org/show_bug.cgi?id=777955#c3
x_refsource_CONFIRM
http://www.securityfocus.com/bid/96001
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2017-5847 : Denial of Service Vulnerability in GStreamer Plugin by GStreamer