VYPR

rpm package

opensuse/gstreamer&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/gstreamer&distro=openSUSE%20Tumbleweed

Vulnerabilities (6)

  • CVE-2024-47606, Dec 11, 2024
    affected < 1.24.10-2.1, fixed 1.24.10-2.1

    GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a

  • CVE-2017-5847, High, Feb 9, 2017
    affected < 1.18.5-2.1, fixed 1.18.5-2.1

    The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors.

  • CVE-2017-5846, Medium, Feb 9, 2017
    affected < 1.18.5-2.1, fixed 1.18.5-2.1

    The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file.

  • CVE-2017-5842, Medium, Feb 9, 2017
    affected < 1.18.5-2.1, fixed 1.18.5-2.1

    The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi.

  • CVE-2017-5838, High, Feb 9, 2017
    affected < 1.18.5-2.1, fixed 1.18.5-2.1

    The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string.

  • CVE-2016-10198, Medium, Feb 9, 2017
    affected < 1.18.5-2.1, fixed 1.18.5-2.1

    The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.