rpm package
suse/gstreamer-plugins-base&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2
pkg:rpm/suse/gstreamer-plugins-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-9928 | — | | | < 1.8.3-13.3.2 | 1.8.3-13.3.2 | Apr 24, 2019 | GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution. |
| CVE-2017-5844 | Med | 5.5 | | < 1.8.3-12.11 | 1.8.3-12.11 | Feb 9, 2017 | The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file. |
| CVE-2017-5842 | Med | 5.5 | | < 1.8.3-12.11 | 1.8.3-12.11 | Feb 9, 2017 | The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi. |
| CVE-2017-5839 | High | 7.5 | | < 1.8.3-12.11 | 1.8.3-12.11 | Feb 9, 2017 | The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMA |
| CVE-2017-5837 | Med | 5.5 | | < 1.8.3-12.11 | 1.8.3-12.11 | Feb 9, 2017 | The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file. |
| CVE-2016-9811 | Med | 4.7 | | < 1.8.3-9.6 | 1.8.3-9.6 | Jan 13, 2017 | The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. |