LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2009-0586
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0586

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2015-0797
CVE STATUS: Patched
CVE SUMMARY: GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0797

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2016-10198
CVE STATUS: Patched
CVE SUMMARY: The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10198

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2016-10199
CVE STATUS: Patched
CVE SUMMARY: The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10199

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2016-9445
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9445

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2016-9446
CVE STATUS: Patched
CVE SUMMARY: The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9446

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2016-9447
CVE STATUS: Patched
CVE SUMMARY: The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9447

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2016-9634
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9634

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2016-9635
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9635

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2016-9636
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9636

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2016-9807
CVE STATUS: Patched
CVE SUMMARY: The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9807

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2016-9808
CVE STATUS: Patched
CVE SUMMARY: The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9808

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2016-9809
CVE STATUS: Patched
CVE SUMMARY: Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9809

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2016-9810
CVE STATUS: Patched
CVE SUMMARY: The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9810

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2016-9811
CVE STATUS: Patched
CVE SUMMARY: The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 4.7
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9811

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2016-9812
CVE STATUS: Patched
CVE SUMMARY: The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9812

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2016-9813
CVE STATUS: Patched
CVE SUMMARY: The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9813

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2017-5837
CVE STATUS: Patched
CVE SUMMARY: The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5837

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2017-5838
CVE STATUS: Patched
CVE SUMMARY: The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5838

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2017-5839
CVE STATUS: Patched
CVE SUMMARY: The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5839

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2017-5840
CVE STATUS: Patched
CVE SUMMARY: The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5840

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2017-5841
CVE STATUS: Patched
CVE SUMMARY: The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5841

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2017-5842
CVE STATUS: Patched
CVE SUMMARY: The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5842

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2017-5843
CVE STATUS: Patched
CVE SUMMARY: Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5843

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2017-5844
CVE STATUS: Patched
CVE SUMMARY: The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5844

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2017-5845
CVE STATUS: Patched
CVE SUMMARY: The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5845

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2017-5846
CVE STATUS: Patched
CVE SUMMARY: The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5846

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2017-5847
CVE STATUS: Patched
CVE SUMMARY: The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5847

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2017-5848
CVE STATUS: Patched
CVE SUMMARY: The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5848

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2019-9928
CVE STATUS: Patched
CVE SUMMARY: GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9928

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2021-3497
CVE STATUS: Patched
CVE SUMMARY: GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3497

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2021-3498
CVE STATUS: Patched
CVE SUMMARY: GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3498

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2021-3522
CVE STATUS: Patched
CVE SUMMARY: GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3522

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2022-1920
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
CVSS v4 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1920

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2022-1921
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
CVSS v4 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1921

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2022-1922
CVE STATUS: Patched
CVE SUMMARY: DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
CVSS v4 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1922

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2022-1923
CVE STATUS: Patched
CVE SUMMARY: DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
CVSS v4 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1923

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2022-1924
CVE STATUS: Patched
CVE SUMMARY: DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory).
However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
CVSS v4 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1924

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2022-1925
CVE STATUS: Patched
CVE SUMMARY: DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
CVSS v4 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1925

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2022-2122
CVE STATUS: Patched
CVE SUMMARY: DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
CVSS v4 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2122

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2023-37327
CVE STATUS: Patched
CVE SUMMARY: GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of FLAC audio files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20775.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.6
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-37327

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2023-37328
CVE STATUS: Patched
CVE SUMMARY: GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of PGS subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20994.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-37328

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2023-37329
CVE STATUS: Patched
CVE SUMMARY: GStreamer SRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of SRT subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20968.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-37329

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2023-38103
CVE STATUS: Patched
CVE SUMMARY: GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MDPR chunks. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21443.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38103

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2023-38104
CVE STATUS: Patched
CVE SUMMARY: GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MDPR chunks. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21444.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38104

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2023-40474
CVE STATUS: Patched
CVE SUMMARY: GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21660.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-40474

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2023-40475
CVE STATUS: Patched
CVE SUMMARY: GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21661.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-40475

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2023-40476
CVE STATUS: Patched
CVE SUMMARY: GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21768.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-40476

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2023-44429
CVE STATUS: Patched
CVE SUMMARY: GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22226.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-44429

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2023-44446
CVE STATUS: Patched
CVE SUMMARY: GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22299.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-44446 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2023-50186 CVE STATUS: Patched CVE SUMMARY: GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of metadata within AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22300. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-50186 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-0444 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched in gstreamer1.0-plugins-bad in 1.22 branch since 1.22.9 CVE SUMMARY: GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of tile list data within AV1-encoded video files. 
The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22873. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0444 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-4453 CVE STATUS: Patched CVE SUMMARY: GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23896. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-4453 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47537 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file.
And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47537 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47538 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-base CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47538 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47539 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. 
An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 < ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop's expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47539 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47540 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem->allocator->mem_unmap_full or mem->allocator->mem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47540 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47541 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-base CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are enclosed in curly brackets ({}). The issue arises when a closing curly bracket "}" appears before an opening curly bracket "{" in the input string. In this case, memmove() incorrectly duplicates a substring. With each successive loop iteration, the size passed to memmove() becomes progressively larger (strlen(end+1)), leading to a write beyond the allocated memory bounds. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 6.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47541 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47542 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-base CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. 
This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47542 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47543 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemux_parse_container function within qtdemux.c. In the parent function qtdemux_parse_node, the value of length is not well checked. So, if length is big enough, it causes the pointer end to point beyond the boundaries of buffer. Subsequently, in the qtdemux_parse_container function, the while loop can trigger an OOB-read, accessing memory beyond the bounds of buf. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 5.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47543 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47544 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. The function qtdemux_parse_sbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47544 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47545 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happens, the subsequent call to gst_buffer_fill will invoke memcpy with a large tocopy size, resulting in an OOB-read. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 6.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47545 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47546 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8. When that subtraction underflows, *cclen ends up being a large number, and then cclen is passed to g_memdup2 leading to an out-of-bounds (OOB) read. This vulnerability is fixed in 1.24.10. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 6.9 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47546 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47596 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining size of the data buffer, it can lead to an OOB-read in the following call to gst_buffer_fill, which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 5.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47596 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47597 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code snippet shows the call to qt_atom_parser_get_offset_unchecked, which leads to the OOB-read when parsing the provided GHSL-2024-245_crash1.mp4 file. This issue may lead to read up to 8 bytes out-of-bounds. 
This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 5.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47597 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47598 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is that the size of the stts buffer isn’t properly checked before reading stts_duration, allowing the program to read 4 bytes beyond the boundaries of stts->data. This vulnerability reads up to 4 bytes past the allocated bounds of the stts array. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 5.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47598 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47599 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output_state. When this happens, dereferences of the outstate pointer will lead to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47599 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47600 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-base CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 5.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47600 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47601 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity of the GstBuffer *sub pointer before performing dereferences. 
As a result, null pointer dereferences may occur. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47601 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47602 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->codec_priv pointer in the following code. If stream->codec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference a null pointer, leading to a crash of the application. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47602 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47603 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_update_tracks function within matroska-demux.c. The vulnerability occurs when the gst_caps_is_equal function is called with invalid caps values. If this happens, then in the function gst_buffer_get_size the call to GST_BUFFER_MEM_PTR can return a null pointer. Attempting to dereference the size field of this null pointer results in a null pointer dereference.
This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 6.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47603 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47606 CVE STATUS: Unpatched CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. The function _sysmem_new_block adds alignment and header size to the (unsigned) size, causing the overflow of the 'slice_size' variable. As a result, only 0x89 bytes are allocated, despite the large input size. When the following memcpy call occurs in gst_buffer_fill, the data from the input file will overwrite the content of the GstMapInfo info structure. Finally, during the call to gst_memory_unmap, the overwritten memory may cause a function pointer hijack, as the mem->allocator->mem_unmap_full function is called with a corrupted pointer. This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. This vulnerability is fixed in 1.24.10. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47606 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47607 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-base CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c`. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows overwriting the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47607 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47613 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix` is expected to point to the frame 0 from the frame structure, which is read from the input file. However, in certain situations, it can point to a NULL frame, causing the subsequent call to `memcpy` to attempt writing to the null address (0x00), leading to a null pointer dereference.
This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47613 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47615 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-base CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47615 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47774 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. 
Then, the a condition, does not properly handle cases where name_length is greater than 0xFFFFFFFF - 17, causing an integer overflow. In such scenario, the function attempts to access memory beyond the buffer leading to an OOB-read. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 5.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47774 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47775 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multiple GST_READ_UINT32_LE operations without performing boundary checks. This can lead to an OOB-read when buf is smaller than expected. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 5.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47775 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47776 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. 
The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch causes the comparison if (size < 4 + ncues * 24) to fail in some cases, allowing the subsequent loop to access beyond the bounds of the data buffer. The root cause of this discrepancy stems from a miscalculation when clipping the chunk size based on upstream data size. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.1 CVSS v4 BASE SCORE: 5.1 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47776 LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47777 CVE STATUS: Ignored CVE DETAIL: cpe-incorrect CVE DESCRIPTION: this is patched ic gstreamer1.0-plugins-good CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is sufficient. If the buffer is too small, the function reads beyond its bounds. This vulnerability may result in reading 4 bytes out of the boundaries of the data buffer. This vulnerability is fixed in 1.24.10. 
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 9.1
CVSS v4 BASE SCORE: 5.1
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47777

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2024-47778
CVE STATUS: Ignored
CVE DETAIL: cpe-incorrect
CVE DESCRIPTION: this is patched in gstreamer1.0-plugins-good
CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. As a result, an OOB read occurs in the following while loop. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 5.1
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47778

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2024-47834
CVE STATUS: Ignored
CVE DETAIL: cpe-incorrect
CVE DESCRIPTION: this is patched in gstreamer1.0-plugins-good
CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. A Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function, by the call to g_free (track->codec_priv). Finally, the freed memory is accessed in the caps_serialize function through gst_value_serialize_buffer. The freed memory will be accessed in the gst_value_serialize_buffer function. This results in a UAF read vulnerability, as the function tries to process memory that has already been freed. This vulnerability is fixed in 1.24.10.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 9.1
CVSS v4 BASE SCORE: 5.1
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47834

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2024-47835
CVE STATUS: Ignored
CVE DETAIL: cpe-incorrect
CVE DESCRIPTION: this is patched in gstreamer1.0-plugins-base
CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer returned by this call is then passed to g_strdup(). However, if the string line does not contain the character ']', strchr() returns NULL, and a call to g_strdup(start + 1) leads to a null pointer dereference. This vulnerability is fixed in 1.24.10.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 6.8
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-47835

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2025-2759
CVE STATUS: Unpatched
CVE SUMMARY: GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from incorrect permissions on folders. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-25448.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.0
CVSS v4 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-2759

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2025-3887
CVE STATUS: Unpatched
CVE SUMMARY: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 slice headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26596.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-3887

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2025-47183
CVE STATUS: Unpatched
CVE SUMMARY: In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.6
CVSS v4 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-47183

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2025-47219
CVE STATUS: Unpatched
CVE SUMMARY: In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.1
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-47219

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2025-47806
CVE STATUS: Unpatched
CVE SUMMARY: In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.6
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-47806

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2025-47807
CVE STATUS: Unpatched
CVE SUMMARY: In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-47807

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2025-47808
CVE STATUS: Unpatched
CVE SUMMARY: In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.6
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-47808

LAYER: meta
PACKAGE NAME: gstreamer1.0
PACKAGE VERSION: 1_1.22.12+git
CVE: CVE-2025-6663
CVE STATUS: Patched
CVE SUMMARY: GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H266 sei messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27381.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
CVSS v4 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-6663