CVE-2017-5845

CVE-2017-5845

Name

CVE-2017-5845

Description

The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cve@mitre.org	http://www.debian.org/security/2017/dsa-3820
Mailing List	http://www.openwall.com/lists/oss-security/2017/02/01/7
Mailing List	http://www.openwall.com/lists/oss-security/2017/02/02/9
Third Party Advisory	http://www.securityfocus.com/bid/96001
cve@mitre.org	https://access.redhat.com/errata/RHSA-2017:2060
Issue Tracking	https://bugzilla.gnome.org/show_bug.cgi?id=777532
Release Notes	https://gstreamer.freedesktop.org/releases/1.10/#1.10.3
cve@mitre.org	https://security.gentoo.org/glsa/201705-10

Type

URI

cve@mitre.org

http://www.debian.org/security/2017/dsa-3820

Mailing List

http://www.openwall.com/lists/oss-security/2017/02/01/7

Mailing List

http://www.openwall.com/lists/oss-security/2017/02/02/9

Third Party Advisory

http://www.securityfocus.com/bid/96001

cve@mitre.org

https://access.redhat.com/errata/RHSA-2017:2060