Denial of Service Vulnerability in GStreamer by GStreamer Development Team
CVE-2017-5848

7.5HIGH

Key Information:

Vendor

Gstreamer Project

Status
Gstreamer
Vendor
CVE Published:
9 February 2017

What is CVE-2017-5848?

A vulnerability exists in the gst_ps_demux_parse_psm function of GStreamer’s gst-plugins-bad. This flaw allows remote attackers to exploit improper parsing of Program Stream Map (PSM) data, leading to invalid memory access, which can result in a denial of service due to application crashes. Attackers can leverage this vulnerability to disrupt services that rely on GStreamer for media processing, posing risks to the availability of applications utilizing this library.

References

http://www.debian.org/security/2017/dsa-3818
vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/96001
vdb-entryx_refsource_BID
https://access.redhat.com/errata/RHSA-2017:2060
vendor-advisoryx_refsource_REDHAT

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2017-5848 : Denial of Service Vulnerability in GStreamer by GStreamer Development Team