rpm package
opensuse/gstreamer&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/gstreamer&distro=openSUSE%20Tumbleweed
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-47606 | — | | | < 1.24.10-2.1 | 1.24.10-2.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a |
| CVE-2017-5847 | High | 7.5 | | < 1.18.5-2.1 | 1.18.5-2.1 | Feb 9, 2017 | The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors. |
| CVE-2017-5846 | Medium | 5.5 | | < 1.18.5-2.1 | 1.18.5-2.1 | Feb 9, 2017 | The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file. |
| CVE-2017-5842 | Medium | 5.5 | | < 1.18.5-2.1 | 1.18.5-2.1 | Feb 9, 2017 | The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi. |
| CVE-2017-5838 | High | 7.5 | | < 1.18.5-2.1 | 1.18.5-2.1 | Feb 9, 2017 | The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string. |
| CVE-2016-10198 | Medium | 5.5 | | < 1.18.5-2.1 | 1.18.5-2.1 | Feb 9, 2017 | The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file. |