Your submission was sent successfully! Close

CVE-2017-5845

Published: 9 February 2017

The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
gst-plugins-good0.10
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was not-affected [code not present])
trusty Does not exist
(trusty was not-affected [code not present])
upstream Needed

xenial Not vulnerable
(code not present)
yakkety Does not exist

zesty Does not exist

gst-plugins-good1.0
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was not-affected [code not present])
upstream
Released (1.10.3-1)
xenial
Released (1.8.3-1ubuntu0.4)
yakkety
Released (1.8.3-1ubuntu1.3)
zesty Not vulnerable
(1.10.3-1ubuntu1)