CVE-2017-5847

Name: CVE-2017-5847
Description: The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors.
NVD Severity: unknown

References

Type                  URI
Third Party Advisory  http://www.debian.org/security/2017/dsa-3821
Mailing List          http://www.openwall.com/lists/oss-security/2017/02/01/7
Mailing List          http://www.openwall.com/lists/oss-security/2017/02/02/9
Third Party Advisory  http://www.securityfocus.com/bid/96001
Issue Tracking        https://bugzilla.gnome.org/show_bug.cgi?id=777955#c3
Patch                 https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37
Mailing List          https://lists.debian.org/debian-lts-announce/2020/05/msg00030.html
Third Party Advisory  https://security.gentoo.org/glsa/201705-10

Match rules

CPE URI                                                Source package  Min version  Max version
cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*  gstreamer       >= None      < 1.11.2

Vulnerable and fixed packages

Source package    Branch          Version    Maintainer  Status
gst-plugins-ugly  edge-community  1.10.4-r0  None        fixed
gst-plugins-ugly  3.22-community  1.10.4-r0  None        fixed
gst-plugins-ugly  3.21-community  1.10.4-r0  None        fixed
gst-plugins-ugly  3.20-community  1.10.4-r0  None        fixed
gst-plugins-ugly  3.19-community  1.10.4-r0  None        fixed
gst-plugins-ugly  3.18-community  1.10.4-r0  None        fixed
gst-plugins-ugly  3.17-community  1.10.4-r0  None        fixed