ID CVE-2017-5843
Summary Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf.
References
Vulnerable Configurations
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.2:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.3:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.4:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.5:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.6:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.7:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.8:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.9:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.10:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.11:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.11:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.12:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.12:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.13:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.13:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.14:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.14:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.15:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.15:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.16:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.16:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.17:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.17:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.18:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.18:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.19:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.19:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.20:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.20:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.21:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.21:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.22:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.22:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.23:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.23:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.24:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.24:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.25:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.25:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.26:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.26:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.27:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.27:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.28:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.28:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.29:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.29:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.30:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.30:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.31:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.31:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.32:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.32:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.33:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.33:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.34:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.34:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.35:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.35:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:0.10.36:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:0.10.36:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.1.90:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.1.90:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.3.90:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.3.90:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.3.91:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.3.91:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.5.90:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.5.90:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.5.91:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.5.91:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.7.90:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.7.90:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.7.91:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.7.91:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.9.90:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.9.90:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gstreamer_project:gstreamer:1.10.2:*:*:*:*:*:*:*
    cpe:2.3:a:gstreamer_project:gstreamer:1.10.2:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 05-01-2018 - 02:31)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2017:2060
rpms
  • clutter-gst2-0:2.0.18-1.el7
  • clutter-gst2-debuginfo-0:2.0.18-1.el7
  • clutter-gst2-devel-0:2.0.18-1.el7
  • gnome-video-effects-0:0.4.3-1.el7
  • gstreamer-plugins-bad-free-0:0.10.23-23.el7
  • gstreamer-plugins-bad-free-debuginfo-0:0.10.23-23.el7
  • gstreamer-plugins-bad-free-devel-0:0.10.23-23.el7
  • gstreamer-plugins-bad-free-devel-docs-0:0.10.23-23.el7
  • gstreamer-plugins-good-0:0.10.31-13.el7
  • gstreamer-plugins-good-debuginfo-0:0.10.31-13.el7
  • gstreamer-plugins-good-devel-docs-0:0.10.31-13.el7
  • gstreamer1-0:1.10.4-2.el7
  • gstreamer1-debuginfo-0:1.10.4-2.el7
  • gstreamer1-devel-0:1.10.4-2.el7
  • gstreamer1-devel-docs-0:1.10.4-2.el7
  • gstreamer1-plugins-bad-free-0:1.10.4-2.el7
  • gstreamer1-plugins-bad-free-debuginfo-0:1.10.4-2.el7
  • gstreamer1-plugins-bad-free-devel-0:1.10.4-2.el7
  • gstreamer1-plugins-bad-free-gtk-0:1.10.4-2.el7
  • gstreamer1-plugins-base-0:1.10.4-1.el7
  • gstreamer1-plugins-base-debuginfo-0:1.10.4-1.el7
  • gstreamer1-plugins-base-devel-0:1.10.4-1.el7
  • gstreamer1-plugins-base-devel-docs-0:1.10.4-1.el7
  • gstreamer1-plugins-base-tools-0:1.10.4-1.el7
  • gstreamer1-plugins-good-0:1.10.4-2.el7
  • gstreamer1-plugins-good-debuginfo-0:1.10.4-2.el7
  • orc-0:0.4.26-1.el7
  • orc-compiler-0:0.4.26-1.el7
  • orc-debuginfo-0:0.4.26-1.el7
  • orc-devel-0:0.4.26-1.el7
  • orc-doc-0:0.4.26-1.el7
refmap via4
bid 96001
confirm
debian DSA-3818
gentoo GLSA-201705-10
mlist
  • [debian-lts-announce] 20200331 [SECURITY] [DLA 2164-1] gst-plugins-bad0.10 security update
  • [oss-security] 20170201 Multiple memory access issues in gstreamer
  • [oss-security] 20170202 Re: Multiple memory access issues in gstreamer
Last major update 05-01-2018 - 02:31
Published 09-02-2017 - 15:59
Last modified 05-01-2018 - 02:31
Back to Top