CVE-2017-5841Out-of-bounds Read in Gst-plugins-good1.0

CWE-125Out-of-bounds Read11 documents7 sources
Severity
7.5HIGHNVD
EPSS
3.1%
top 13.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian Gst-plugins-good1.0Gstreamer
Timeline
PublishedFeb 9
Latest updateMay 14

Description

The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

debiandebian/gst-plugins-good1.0< gst-plugins-good1.0 1.10.3-1 (bookworm)

Patches

Patch: www.openwall.comPatch: www.openwall.com

🔴Vulnerability Details

2
GHSA
GHSA-fx73-fwc7-g6p4: The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux2022-05-14
OSV
CVE-2017-5841: The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux2017-02-09

📋Vendor Advisories

3
Ubuntu
GStreamer Good Plugins vulnerabilities2017-03-27
Red Hat
gstreamer-plugins-good: Heap out-of-bounds read in gst_avi_demux_parse_ncdt2017-01-19
Debian
CVE-2017-5841: gst-plugins-good1.0 - The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-go...2017

💬Community

5
Bugzilla
CVE-2016-10199 CVE-2017-5840 CVE-2017-5841 CVE-2017-5845 gstreamer-plugins-good: various flaws [fedora-all]2017-02-06
Bugzilla
CVE-2016-10199 CVE-2017-5840 CVE-2017-5841 CVE-2017-5845 gstreamer1-plugins-good: various flaws [fedora-all]2017-02-06
Bugzilla
CVE-2016-10199 CVE-2017-5840 CVE-2017-5841 CVE-2017-5845 mingw-gstreamer-plugins-good: various flaws [fedora-all]2017-02-06
Bugzilla
CVE-2016-10199 CVE-2017-5840 CVE-2017-5841 CVE-2017-5845 mingw-gstreamer1-plugins-good: various flaws [fedora-all]2017-02-06
Bugzilla
CVE-2017-5841 gstreamer-plugins-good: Heap out-of-bounds read in gst_avi_demux_parse_ncdt2017-02-06
CVE-2017-5841 — Out-of-bounds Read | cvebase