Gstreamer

Gstreamer

100 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2016-9446

  • EPSS 1.28%
  • Veröffentlicht 23.01.2017 21:59:03
  • Zuletzt bearbeitet 17.03.2026 15:52:33

The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.

5.5

CVE-2016-9813

  • EPSS 4.81%
  • Veröffentlicht 13.01.2017 16:59:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.

7.5

CVE-2016-9812

  • EPSS 1.41%
  • Veröffentlicht 13.01.2017 16:59:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section.

4.7

CVE-2016-9811

  • EPSS 0.49%
  • Veröffentlicht 13.01.2017 16:59:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.

5.5

CVE-2016-9810

  • EPSS 0.67%
  • Veröffentlicht 13.01.2017 16:59:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unr...

7.8

CVE-2016-9809

  • EPSS 0.47%
  • Veröffentlicht 13.01.2017 16:59:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.

7.5

CVE-2016-9808

Exploit
  • EPSS 5.49%
  • Veröffentlicht 13.01.2017 16:59:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.

5.5

CVE-2016-9807

  • EPSS 0.77%
  • Veröffentlicht 13.01.2017 16:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.

6.8

CVE-2015-0797

  • EPSS 7.61%
  • Veröffentlicht 14.05.2015 10:59:00
  • Zuletzt bearbeitet 17.03.2026 15:52:33

GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbi...

7.5

CVE-2009-0586

  • EPSS 2.82%
  • Veröffentlicht 14.03.2009 18:30:00
  • Zuletzt bearbeitet 17.03.2026 15:52:33

Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via ...