CVE-2019-9928

Published: 24/04/2019 Updated: 24/08/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

GStreamer prior to 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.

Vulnerable Product

gstreamer project gstreamer

debian debian linux 8.0

debian debian linux 9.0

canonical ubuntu linux 18.10

canonical ubuntu linux 18.04

canonical ubuntu linux 16.04

Vendor Advisories

Debian Bug report logs - #927978 gst-plugins-base1.0: CVE-2019-9928: Buffer overflow in RTSP parsing. Package: src:gst-plugins-base1.0; Maintainer for src:gst-plugins-base1.0 is Maintainers of GStreamer packages <gst-plugins-base1.0@packages.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, ...
GStreamer Base Plugins could be made to crash or run programs if it received specially crafted network traffic ...
It was discovered that a buffer overflow in the RTSP parser of the GStreamer media framework may result in the execution of arbitrary code if a malformed RTSP stream is opened. For the stable distribution (stretch), this problem has been fixed in version 1.10.4-1+deb9u1. We recommend that you upgrade your gst-plugins-base1.0 packages. For the detai ...