VYPR

rpm package

suse/gstreamer-plugins-base&distro=SUSE Linux Enterprise Desktop 12 SP1

pkg:rpm/suse/gstreamer-plugins-base&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1

Vulnerabilities (5)

  • CVE-2017-5844MedFeb 9, 2017
    affected < 1.2.4-2.6.8fixed 1.2.4-2.6.8

    The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file.

  • CVE-2017-5842MedFeb 9, 2017
    affected < 1.2.4-2.6.8fixed 1.2.4-2.6.8

    The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi.

  • CVE-2017-5839HigFeb 9, 2017
    affected < 1.2.4-2.6.8fixed 1.2.4-2.6.8

    The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMA

  • CVE-2017-5837MedFeb 9, 2017
    affected < 1.2.4-2.6.8fixed 1.2.4-2.6.8

    The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file.

  • CVE-2016-9811MedJan 13, 2017
    affected < 1.2.4-2.3.2fixed 1.2.4-2.3.2

    The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.