ID CVE-2017-5842
Summary The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi.
References
Vulnerable Configurations
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.11:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.12:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.13:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.14:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.15:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.16:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.17:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.18:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.19:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.20:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.21:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.22:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.23:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.24:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.25:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.26:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.27:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.28:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.29:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.30:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.31:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.32:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.33:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.34:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.35:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.36:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.10.2:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 05-01-2018 - 02:31)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
  Vector    Complexity  Authentication
  NETWORK   MEDIUM      NONE
Impact
  Confidentiality  Integrity  Availability
  NONE             NONE       PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2017:2060
rpms
  • orc-0:0.4.26-1.el7
  • orc-compiler-0:0.4.26-1.el7
  • orc-devel-0:0.4.26-1.el7
  • orc-doc-0:0.4.26-1.el7
  • gstreamer-plugins-good-0:0.10.31-13.el7
  • gstreamer-plugins-good-devel-docs-0:0.10.31-13.el7
  • gstreamer-plugins-bad-free-0:0.10.23-23.el7
  • gstreamer-plugins-bad-free-devel-0:0.10.23-23.el7
  • gstreamer-plugins-bad-free-devel-docs-0:0.10.23-23.el7
  • clutter-gst2-0:2.0.18-1.el7
  • clutter-gst2-devel-0:2.0.18-1.el7
  • gnome-video-effects-0:0.4.3-1.el7
  • gstreamer1-plugins-base-0:1.10.4-1.el7
  • gstreamer1-plugins-base-devel-0:1.10.4-1.el7
  • gstreamer1-plugins-base-devel-docs-0:1.10.4-1.el7
  • gstreamer1-plugins-base-tools-0:1.10.4-1.el7
  • gstreamer1-0:1.10.4-2.el7
  • gstreamer1-devel-0:1.10.4-2.el7
  • gstreamer1-devel-docs-0:1.10.4-2.el7
  • gstreamer1-plugins-good-0:1.10.4-2.el7
  • gstreamer1-plugins-bad-free-0:1.10.4-2.el7
  • gstreamer1-plugins-bad-free-devel-0:1.10.4-2.el7
  • gstreamer1-plugins-bad-free-gtk-0:1.10.4-2.el7
refmap via4
bid 96001
confirm
debian DSA-3819
gentoo GLSA-201705-10
mlist
  • [oss-security] 20170201 Multiple memory access issues in gstreamer
  • [oss-security] 20170202 Re: Multiple memory access issues in gstreamer
Last major update 05-01-2018 - 02:31
Published 09-02-2017 - 15:59