Gstreamerproject
Products by Gstreamerproject Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2023 there have been 0 vulnerabilities in Gstreamerproject . Last year Gstreamerproject had 7 security vulnerabilities published. Right now, Gstreamerproject is on track to have less security vulnerabilities in 2023 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 7 | 7.80 |
| 2021 | 3 | 7.03 |
| 2020 | 1 | 7.50 |
| 2019 | 1 | 8.80 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Gstreamerproject vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Gstreamerproject Security Vulnerabilities
Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which
CVE-2022-1920
7.8 - High
- July 19, 2022
Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite.
Memory Corruption
DOS / potential heap overwrite in mkv demuxing using zlib decompression
CVE-2022-1922
7.8 - High
- July 19, 2022
DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.
Integer Overflow or Wraparound
DOS / potential heap overwrite in mkv demuxing using bzip decompression
CVE-2022-1923
7.8 - High
- July 19, 2022
DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.
Integer Overflow or Wraparound
DOS / potential heap overwrite in mkv demuxing using lzo decompression
CVE-2022-1924
7.8 - High
- July 19, 2022
DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.
Integer Overflow or Wraparound
DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression
CVE-2022-1925
7.8 - High
- July 19, 2022
DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks.
Integer Overflow or Wraparound
DOS / potential heap overwrite in qtdemux using zlib decompression
CVE-2022-2122
7.8 - High
- July 19, 2022
DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite.
Memory Corruption
Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files
CVE-2022-1921
7.8 - High
- July 19, 2022
Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite.
Integer Overflow or Wraparound
GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.
CVE-2021-3522
5.5 - Medium
- June 02, 2021
GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.
Out-of-bounds Read
GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.
CVE-2021-3498
7.8 - High
- April 19, 2021
GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.
Memory Corruption
GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.
CVE-2021-3497
7.8 - High
- April 19, 2021
GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.
Dangling pointer
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5
CVE-2020-6095
7.5 - High
- March 27, 2020
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
NULL Pointer Dereference
GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially
CVE-2019-9928
8.8 - High
- April 24, 2019
GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.
Memory Corruption
The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3
CVE-2017-5840
7.5 - High
- February 09, 2017
The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index.
Out-of-bounds Read
The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3
CVE-2016-10198
5.5 - Medium
- February 09, 2017
The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.
Out-of-bounds Read
The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer
CVE-2017-5847
7.5 - High
- February 09, 2017
The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors.
Out-of-bounds Read
The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3
CVE-2017-5846
5.5 - Medium
- February 09, 2017
The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file.
Out-of-bounds Read
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie
CVE-2016-9446
7.5 - High
- January 23, 2017
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.
Improper Initialization
Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag
CVE-2009-0586
- March 14, 2009
Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow.
Integer Overflow or Wraparound