ALT Linux Team

Package gst-plugins0.10-base update in sisyphus on 2020-04-20

ALT-PU-2020-1780-1

Package gst-plugins0.10-base updated to version 0.10.36-alt3 for branch sisyphus in task 250294.

Closed vulnerabilities

Published: 2019-04-22

BDU:2019-02505

Уязвимость синтаксического анализатора RTSP-соединений мультимедийного фреймворка Gstreamer, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: CRITICAL (9.0) Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
References:
Published: 2017-02-09
Modified: 2025-04-20

CVE-2017-5837

The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2017-02-09
Modified: 2025-04-20

CVE-2017-5844

The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2019-04-24
Modified: 2024-11-21

CVE-2019-9928

GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top