Vulnerability CVE-2017-5846

Vulnerability Name:

CVE-2017-5846 (CCN-121885)

Assigned:

2017-01-30

Published:

2017-01-30

Updated:

2020-05-30

Summary:

The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file.

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-125

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2017-5846

Source: DEBIAN
Type: UNKNOWN
DSA-3821

Source: CCN
Type: oss-sec Mailing List, Wed, 1 Feb 2017 11:56:16 +0100
Multiple memory access issues in gstreamer

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20170201 Multiple memory access issues in gstreamer

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20170202 Re: Multiple memory access issues in gstreamer

Source: BID
Type: Third Party Advisory, VDB Entry
96001

Source: CCN
Type: BID-96001
Multiple GStreamer Plug-ins Buffer Overflow and Denial Of Service Vulnerabilities

Source: CONFIRM
Type: Issue Tracking
https://bugzilla.gnome.org/show_bug.cgi?id=777937

Source: XF
Type: UNKNOWN
gstreamer-cve20175846-dos(121885)

Source: CCN
Type: GStreamer Web site
GStreamer: open source multimedia framework

Source: CONFIRM
Type: Release Notes, Vendor Advisory
https://gstreamer.freedesktop.org/releases/1.10/#1.10.3

Source: MLIST
Type: UNKNOWN
[debian-lts-announce] 20200530 [SECURITY] [DLA 2226-1] gst-plugins-ugly0.10 security update

Source: GENTOO
Type: UNKNOWN
GLSA-201705-10

Vulnerable Configuration:

Configuration 1:

cpe:/a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:* (Version <= 1.10.2)

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20175846	V	CVE-2017-5846	2023-06-22
oval:org.opensuse.security:def:7521	P	gstreamer-1.22.0-150500.1.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:634	P	Security update for rubygem-actionview-5_1 (Important) (in QA)	2022-09-29
oval:org.opensuse.security:def:744	P	Important security update for SUSE Manager Client Tools (Important)	2022-09-08
oval:org.opensuse.security:def:673	P	Security update for u-boot (Important)	2022-08-03
oval:org.opensuse.security:def:2945	P	gstreamer-1.20.1-150400.1.5 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94575	P	gstreamer-1.20.1-150400.1.5 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:1080	P	Security update for ImageMagick (Moderate) (in QA)	2022-06-16
oval:org.opensuse.security:def:91	P	krb5-1.16.3-3.15.1 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:77	P	gstreamer-1.16.2-1.53 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:373	P	trousers-0.3.15-150400.1.10 on GA media (Moderate)	2022-06-10
oval:org.opensuse.security:def:94020	P	(Moderate)	2022-05-05
oval:org.opensuse.security:def:1326	P	Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP3) (Important)	2022-04-25
oval:org.opensuse.security:def:100733	P	(Important)	2022-04-22
oval:org.opensuse.security:def:100442	P	(Important)	2022-03-24
oval:org.opensuse.security:def:970	P	Security update for java-11-openjdk (Moderate)	2022-03-14
oval:org.opensuse.security:def:94275	P	(Important)	2022-03-10
oval:org.opensuse.security:def:1193	P	Security update for go1.16 (Important)	2022-03-04
oval:org.opensuse.security:def:1436	P	Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP3) (Important)	2022-03-01
oval:org.opensuse.security:def:112369	P	gstreamer-1.18.5-2.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:49467	P	Security update for nodejs12 (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:105880	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:69765	P	Security update for mariadb (Moderate)	2021-12-06
oval:org.opensuse.security:def:69951	P	Security update for MozillaFirefox (Important)	2021-11-10
oval:org.opensuse.security:def:61462	P	gstreamer-1.12.5-1.17 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71203	P	gstreamer-1.12.5-1.17 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:89617	P	gstreamer-1.12.5-1.17 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71231	P	libXfixes-devel-5.0.3-1.24 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:103272	P	gstreamer-1.12.5-1.17 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:96582	P	gstreamer-1.12.5-1.17 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:1549	P	Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (Moderate)	2021-08-23
oval:org.opensuse.security:def:47156	P	squidGuard-1.4-23.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48154	P	libncurses5-32bit-5.9-64.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47966	P	bubblewrap-0.3.3-1.31 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47165	P	tar-1.27.1-8.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47223	P	coolkey-1.1.0-147.67 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48051	P	java-1_7_0-openjdk-1.7.0.231-43.27.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47170	P	unzip-6.00-32.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48216	P	libvirt-5.1.0-11.10 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47265	P	git-core-2.12.3-26.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48180	P	libpython2_7-1_0-2.7.13-28.31.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47313	P	libXext6-1.3.2-3.60 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47355	P	libicu-doc-52.1-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48122	P	libhivex0-1.3.10-4.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47291	P	iputils-s20121221-2.17 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48281	P	python-cupshelpers-1.5.7-7.5 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47266	P	glib2-lang-2.48.2-10.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48264	P	perl-Config-IniFiles-2.82-3.12 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47527	P	wpa_supplicant-2.2-14.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47447	P	mozilla-nspr-32bit-4.13.1-18.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47484	P	python-pywbem-0.7.0-4.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48312	P	strongswan-5.1.3-26.5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47280	P	gtk2-data-2.24.31-7.11 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48326	P	tpm2.0-tools-3.1.4-1.12 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47611	P	ft2demos-2.6.3-7.15.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47595	P	dosfstools-3.0.26-6.5 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47616	P	gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47401	P	libpython3_4m1_0-3.4.6-24.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47673	P	libXdmcp6-1.1.1-12.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46894	P	at-3.1.14-7.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47809	P	libvte9-0.28.2-19.7 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47708	P	libgc1-7.2d-5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47594	P	dnsmasq-2.78-18.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47738	P	liblua5_2-32bit-5.2.4-6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46895	P	augeas-1.2.0-10.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47893	P	strongswan-5.1.3-26.5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47856	P	pigz-2.3-5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47726	P	libjavascriptcoregtk-4_0-18-2.20.3-2.23.8 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46941	P	freeradius-server-3.0.3-10.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47769	P	libprocps3-3.3.9-11.14.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46909	P	coreutils-8.25-12.8 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47955	P	atftp-0.7.0-160.8.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47155	P	squid-3.5.21-23.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48070	P	libSoundTouch0-1.7.1-5.11.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47818	P	libykcs11-1-1.5.0-3.16 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47073	P	libsmi-0.4.8-18.55 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47840	P	pam-1.1.8-24.14.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47030	P	libidn-tools-1.28-4.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48020	P	glib2-lang-2.48.2-12.15.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:107654	P	libgstreamer-1_0-0-32bit-1.16.2-1.53 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63485	P	libgstreamer-1_0-0-32bit-1.16.2-1.53 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2342	P	libgstreamer-1_0-0-32bit-1.16.2-1.53 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2396	P	libgstreamer-1_0-0-32bit-1.16.2-1.53 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:100988	P	libgstreamer-1_0-0-32bit-1.16.2-1.53 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63431	P	libgstreamer-1_0-0-32bit-1.16.2-1.53 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:100853	P	gstreamer-1.16.2-1.53 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1006	P	gstreamer-1.16.2-1.53 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62095	P	gstreamer-1.16.2-1.53 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71836	P	gstreamer-1.16.2-1.53 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:67778	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:64531	P	Security update for python-rsa (Important)	2021-06-17
oval:org.opensuse.security:def:70860	P	alsa-1.1.5-4.22 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:70973	P	libgd3-2.2.5-2.22 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46612	P	apache-commons-daemon-1.0.15-4.221 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48478	P	libXxf86dga1-1.1.4-3.58 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:71118	P	vim-8.0.1568-3.20 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48532	P	libpango-1_0-0-1.40.1-9.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46613	P	apache-commons-httpclient-3.1-4.498 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48383	P	cifs-utils-6.5-8.9 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48391	P	cron-4.2-58.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46627	P	cifs-utils-6.4-6.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48760	P	typelib-1_0-EvinceDocument-3_0-3.10.3-1.213 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48422	P	gdk-pixbuf-lang-2.34.0-16.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48814	P	python-devel-2.7.9-24.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46748	P	libmpfr4-3.1.2-7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48493	P	libfreetype6-2.6.3-7.8.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:61180	P	gstreamer-1.12.5-1.17 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:70921	P	gstreamer-1.12.5-1.17 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:69660	P	Security update for umoci (Important)	2021-06-04
oval:org.opensuse.security:def:93729	P	(Important)	2021-04-01
oval:org.opensuse.security:def:66700	P	Security update for clamav-database (Important)	2020-12-14
oval:org.opensuse.security:def:64273	P	Security update for openssl-1_1 (Important)	2020-12-09
oval:org.opensuse.security:def:64444	P	Security update for curl (Moderate)	2020-12-09
oval:org.opensuse.security:def:62415	P	gstreamer-devel-1.12.5-1.17 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72134	P	gstreamer-devel-1.12.5-1.17 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:116666	P	gstreamer-1.16.2-1.53 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:103530	P	gstreamer-devel-1.12.5-1.17 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62525	P	gstreamer-devel-1.12.5-1.17 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72244	P	gstreamer-devel-1.12.5-1.17 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:116957	P	gstreamer-devel-1.16.2-1.53 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107108	P	gstreamer-1.16.2-1.53 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61762	P	gstreamer-1.16.2-1.53 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71503	P	gstreamer-1.16.2-1.53 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62638	P	gstreamer-devel-1.16.2-1.53 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72357	P	gstreamer-devel-1.16.2-1.53 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107399	P	gstreamer-devel-1.16.2-1.53 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:89875	P	gstreamer-devel-1.12.5-1.17 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49060	P	typelib-1_0-Gtk-2_0-2.24.31-9.6.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:73391	P	Security update for python3 (Important)	2020-12-02
oval:org.opensuse.security:def:64186	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:70056	P	gstreamer-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67520	P	Security update for freerdp (Moderate)	2020-12-01
oval:org.opensuse.security:def:49357	P	xdg-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67620	P	gstreamer on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49411	P	gstreamer-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67878	P	gstreamer-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49521	P	gstreamer-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66317	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:72982	P	Security update for Mesa (Moderate)	2020-12-01
oval:org.opensuse.security:def:66409	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:49580	P	libthai-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49634	P	gstreamer-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73100	P	gstreamer on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66608	P	python3-numpy on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73273	P	pam on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49114	P	gstreamer on GA media (Moderate)	2020-12-01
oval:com.ubuntu.cosmic:def:201758460000000	V	CVE-2017-5846 on Ubuntu 18.10 (cosmic) - low.	2017-02-09
oval:com.ubuntu.artful:def:20175846000	V	CVE-2017-5846 on Ubuntu 17.10 (artful) - low.	2017-02-09
oval:com.ubuntu.trusty:def:20175846000	V	CVE-2017-5846 on Ubuntu 14.04 LTS (trusty) - low.	2017-02-09
oval:com.ubuntu.bionic:def:201758460000000	V	CVE-2017-5846 on Ubuntu 18.04 LTS (bionic) - low.	2017-02-09
oval:com.ubuntu.bionic:def:20175846000	V	CVE-2017-5846 on Ubuntu 18.04 LTS (bionic) - low.	2017-02-09
oval:com.ubuntu.xenial:def:20175846000	V	CVE-2017-5846 on Ubuntu 16.04 LTS (xenial) - low.	2017-02-09
oval:com.ubuntu.xenial:def:201758460000000	V	CVE-2017-5846 on Ubuntu 16.04 LTS (xenial) - low.	2017-02-09
oval:com.ubuntu.cosmic:def:20175846000	V	CVE-2017-5846 on Ubuntu 18.10 (cosmic) - low.	2017-02-09
oval:com.ubuntu.disco:def:201758460000000	V	CVE-2017-5846 on Ubuntu 19.04 (disco) - low.	2017-02-09
oval:com.ubuntu.precise:def:20175846000	V	CVE-2017-5846 on Ubuntu 12.04 LTS (precise) - low.	2017-02-09

BACK