Filtered by vendor Gstreamer
Subscriptions
Filtered by product Gstreamer
Subscriptions
Total
14 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-37328 | 3 Gstreamer, Gstreamer Project, Redhat | 3 Gstreamer, Gstreamer, Enterprise Linux | 2024-12-17 | 8.8 High |
GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of PGS subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-20994. | ||||
CVE-2023-40475 | 3 Gstreamer, Gstreamer Project, Redhat | 3 Gstreamer, Gstreamer, Enterprise Linux | 2024-12-17 | 8.8 High |
GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-21661. | ||||
CVE-2023-40474 | 3 Gstreamer, Gstreamer Project, Redhat | 3 Gstreamer, Gstreamer, Enterprise Linux | 2024-12-17 | 8.8 High |
GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-21660. | ||||
CVE-2023-40476 | 3 Gstreamer, Gstreamer Project, Redhat | 3 Gstreamer, Gstreamer, Enterprise Linux | 2024-12-16 | 8.8 High |
GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-21768. | ||||
CVE-2016-9813 | 2 Gstreamer, Redhat | 2 Gstreamer, Enterprise Linux | 2024-11-21 | N/A |
The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | ||||
CVE-2016-9812 | 2 Gstreamer, Redhat | 2 Gstreamer, Enterprise Linux | 2024-11-21 | N/A |
The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section. | ||||
CVE-2016-9811 | 4 Debian, Fedoraproject, Gstreamer and 1 more | 10 Debian Linux, Fedora, Gstreamer and 7 more | 2024-11-21 | 4.7 Medium |
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. | ||||
CVE-2016-9810 | 2 Gstreamer, Redhat | 2 Gstreamer, Enterprise Linux | 2024-11-21 | N/A |
The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call. | ||||
CVE-2016-9809 | 2 Gstreamer, Redhat | 2 Gstreamer, Enterprise Linux | 2024-11-21 | N/A |
Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read. | ||||
CVE-2016-9808 | 2 Gstreamer, Redhat | 2 Gstreamer, Enterprise Linux | 2024-11-21 | N/A |
The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs. | ||||
CVE-2016-9807 | 2 Gstreamer, Redhat | 2 Gstreamer, Enterprise Linux | 2024-11-21 | N/A |
The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file. | ||||
CVE-2016-9636 | 3 Debian, Gstreamer, Redhat | 7 Debian Linux, Gstreamer, Enterprise Linux and 4 more | 2024-11-21 | N/A |
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer. | ||||
CVE-2016-9635 | 3 Debian, Gstreamer, Redhat | 7 Debian Linux, Gstreamer, Enterprise Linux and 4 more | 2024-11-21 | N/A |
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer. | ||||
CVE-2016-9634 | 3 Debian, Gstreamer, Redhat | 7 Debian Linux, Gstreamer, Enterprise Linux and 4 more | 2024-11-21 | N/A |
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter. |
Page 1 of 1.