Published: 09/02/2017 Updated: 05/01/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer prior to 1.10.3 allows remote malicious users to cause a denial of service (out-of-bounds heap read) via a malformed datetime string.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gstreamer project gstreamer

Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened For the stable distribution (jessie), this problem has been fixed in version 144-2+deb8u1 For the upcoming stable distribution ...

The gst_date_time_new_from_iso8601_string function in gst/gstdatetimec in GStreamer before 1103 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string ...

An out of bounds read has been found in gstreamer before 1103, in gst_date_time_new_from_iso8601_string ...

CWE-125 https://gstreamer.freedesktop.org/releases/1.10/#1.10.3 https://bugzilla.gnome.org/show_bug.cgi?id=777263 http://www.securityfocus.com/bid/96001 http://www.openwall.com/lists/oss-security/2017/02/02/9 http://www.openwall.com/lists/oss-security/2017/02/01/7 https://security.gentoo.org/glsa/201705-10 http://www.debian.org/security/2017/dsa-3822 https://access.redhat.com/errata/RHSA-2017:2060 https://nvd.nist.gov https://www.debian.org/security/./dsa-3822

CVE-2017-5838

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect