Your submission was sent successfully! Close

CVE-2017-5840

Published: 9 February 2017

The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
gst-plugins-good0.10
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was released [0.10.31-1ubuntu1.5])
trusty Does not exist
(trusty was released [0.10.31-3+nmu1ubuntu5.3])
upstream Needed

xenial
Released (0.10.31-3+nmu4ubuntu2.16.04.3)
yakkety Does not exist

zesty Does not exist

gst-plugins-good1.0
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was released [1.2.4-1~ubuntu1.4])
upstream
Released (1.10.3-1)
xenial
Released (1.8.3-1ubuntu0.4)
yakkety
Released (1.8.3-1ubuntu1.3)
zesty Not vulnerable
(1.10.3-1ubuntu1)