CVE-2017-5844Divide By Zero in Gst-plugins-base1.0

CWE-369Divide By Zero11 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.7%
top 27.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian Gst-plugins-base1.0Gstreamer
Timeline
PublishedFeb 9
Latest updateMay 13

Description

The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

debiandebian/gst-plugins-base1.0< gst-plugins-base1.0 1.10.3-1 (bookworm)

Patches

Patch: www.openwall.comPatch: www.openwall.com

🔴Vulnerability Details

2
GHSA
GHSA-pj86-cp84-fxhp: The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media2022-05-13
OSV
CVE-2017-5844: The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media2017-02-09

📋Vendor Advisories

3
Ubuntu
GStreamer Base Plugins vulnerabilities2017-03-27
Red Hat
gstreamer-plugins-base: Floating point exception in gst_riff_create_audio_caps2017-01-20
Debian
CVE-2017-5844: gst-plugins-base1.0 - The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst...2017

💬Community

5
Bugzilla
CVE-2017-5837 CVE-2017-5839 CVE-2017-5842 CVE-2017-5844 mingw-gstreamer1-plugins-base: various flaws [fedora-all]2017-02-06
Bugzilla
CVE-2017-5844 gstreamer-plugins-base: Floating point exception in gst_riff_create_audio_caps2017-02-06
Bugzilla
CVE-2017-5837 CVE-2017-5839 CVE-2017-5842 CVE-2017-5844 gstreamer1-plugins-base: various flaws [fedora-all]2017-02-06
Bugzilla
CVE-2017-5837 CVE-2017-5839 CVE-2017-5842 CVE-2017-5844 mingw-gstreamer-plugins-base: various flaws [fedora-all]2017-02-06
Bugzilla
CVE-2017-5837 CVE-2017-5839 CVE-2017-5842 CVE-2017-5844 gstreamer-plugins-base: various flaws [fedora-all]2017-02-06
CVE-2017-5844 — Divide By Zero in Gst-plugins-base1.0 | cvebase