Gstreamer

Gstreamer

101 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2016-9446

  • EPSS 1.28%
  • Veröffentlicht 23.01.2017 21:59:03
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.

7.8

CVE-2016-9447

  • EPSS 0.48%
  • Veröffentlicht 23.01.2017 21:59:03
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.

7.5

CVE-2016-9808

Exploit
  • EPSS 5.49%
  • Veröffentlicht 13.01.2017 16:59:01
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.

7.8

CVE-2016-9809

  • EPSS 0.49%
  • Veröffentlicht 13.01.2017 16:59:01
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.

5.5

CVE-2016-9810

  • EPSS 0.67%
  • Veröffentlicht 13.01.2017 16:59:01
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unr...

4.7

CVE-2016-9811

  • EPSS 0.49%
  • Veröffentlicht 13.01.2017 16:59:01
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.

7.5

CVE-2016-9812

  • EPSS 1.41%
  • Veröffentlicht 13.01.2017 16:59:01
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section.

5.5

CVE-2016-9813

  • EPSS 4.81%
  • Veröffentlicht 13.01.2017 16:59:01
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.

5.5

CVE-2016-9807

  • EPSS 0.77%
  • Veröffentlicht 13.01.2017 16:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.

6.8

CVE-2015-0797

  • EPSS 7.61%
  • Veröffentlicht 14.05.2015 10:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbi...