14 CVEs tracked today. 0 Critical, 9 High, 5 Medium, 0 Low.
-
CVE-2017-5848
HIGH
CVSS 7.5
This is an out-of-bounds read vulnerability in GStreamer's gst-plugins-bad MPEG demuxer component that allows remote attackers to crash applications by sending specially crafted MPEG Program Stream Map (PSM) data. The vulnerability affects GStreamer installations across multiple Linux distributions including Debian 8.0/9.0 and Red Hat Enterprise Linux 7.x variants. With an EPSS score of 6.52% (91st percentile), this vulnerability has a moderately elevated probability of exploitation in the wild, though no active exploitation or KEV listing is indicated.
Denial Of Service
Buffer Overflow
Gstreamer
Enterprise Linux Workstation
Enterprise Linux Server Aus
-
CVE-2017-5847
HIGH
CVSS 7.5
A buffer overflow vulnerability in GStreamer's ASF demuxer component allows remote attackers to trigger out-of-bounds heap reads when processing malformed extended content descriptors in ASF media files. The vulnerability affects GStreamer gst-plugins-ugly and can cause denial of service through application crashes when parsing specially crafted media content. With an EPSS score of 3.07% (87th percentile), this vulnerability has moderate real-world exploitation likelihood but no known active exploitation in the wild.
Denial Of Service
Debian Linux
Gstreamer
-
CVE-2017-5845
HIGH
CVSS 7.5
A memory safety vulnerability in the AVI demuxer component of GStreamer allows remote attackers to crash applications by providing a malformed AVI file with a malicious ncdt sub-tag. GStreamer versions before 1.10.3 are affected across multiple distributions. With an EPSS score of 3.11% (87th percentile), this vulnerability has moderate real-world exploitation probability, though no active exploitation (KEV listing) has been reported.
Denial Of Service
Gstreamer
-
CVE-2017-5843
HIGH
CVSS 7.5
Multiple use-after-free vulnerabilities exist in GStreamer's handling of MXF (Material eXchange Format) media files, affecting versions prior to 1.10.3. Remote attackers can exploit these flaws by crafting malicious MXF files that trigger memory corruption in functions handling stream tags (gst_mini_object_unref, gst_tag_list_unref, and gst_mxf_demux_update_essence_tracks), causing application crashes and denial of service. With an EPSS score of 7.13% (91st percentile), this vulnerability has moderate real-world exploitation probability, and the absence of a KEV listing indicates limited active exploitation.
Denial Of Service
Gstreamer
-
CVE-2017-5841
HIGH
CVSS 7.5
An out-of-bounds heap read vulnerability exists in the gst_avi_demux_parse_ncdt function within the GStreamer gst-plugins-good component when parsing malformed AVI files containing crafted ncdt tags. GStreamer versions prior to 1.10.3 are affected, allowing remote attackers to cause denial of service without authentication or user interaction. With an EPSS score of 3.11% (87th percentile), the vulnerability shows moderate real-world exploitation likelihood, and patches are available from the vendor.
Denial Of Service
Gstreamer
-
CVE-2017-5840
HIGH
CVSS 7.5
A buffer overflow vulnerability in GStreamer's MP4/QuickTime demuxer allows remote attackers to cause denial of service through out-of-bounds heap memory reads. The vulnerability affects GStreamer versions before 1.10.3 and can be triggered by processing specially crafted MP4 files, making it a concern for applications that process untrusted media content. With an EPSS score of 6.86% (91st percentile), this vulnerability has a higher-than-average likelihood of exploitation in the wild.
Denial Of Service
Gstreamer
-
CVE-2017-5839
HIGH
CVSS 7.5
A stack overflow vulnerability exists in the GStreamer multimedia framework's RIFF media handling component, where improper recursion limits when processing nested WAVEFORMATEX structures can cause denial of service crashes. The vulnerability affects GStreamer versions before 1.10.3 and allows remote attackers to crash applications using the framework without authentication. With an EPSS score of 3.04% (87th percentile), this vulnerability has a higher-than-average likelihood of exploitation in the wild, though it is limited to denial of service impact only.
Denial Of Service
Gstreamer
-
CVE-2017-5838
HIGH
CVSS 7.5
A heap buffer overflow vulnerability exists in GStreamer multimedia framework versions before 1.10.3, where malformed ISO8601 datetime strings can trigger out-of-bounds memory reads. The vulnerability affects the gst_date_time_new_from_iso8601_string function and allows remote attackers to cause denial of service conditions without requiring authentication. With an EPSS score of 2.76% (86th percentile), this vulnerability has above-average likelihood of exploitation, though it is not currently listed in CISA KEV.
Denial Of Service
Gstreamer
-
CVE-2016-10199
HIGH
CVSS 7.5
A memory safety vulnerability in GStreamer's MP4/QuickTime demuxer allows remote attackers to trigger an out-of-bounds read when processing malformed tag values in media files. The vulnerability affects GStreamer versions before 1.10.3 and can cause application crashes when parsing specially crafted MP4/MOV files. With an EPSS score of 3.13% (87th percentile), this vulnerability has moderate exploitation likelihood in the wild.
Denial Of Service
Buffer Overflow
Gstreamer
-
CVE-2017-5846
MEDIUM
CVSS 5.5
An out-of-bounds read vulnerability exists in GStreamer's ASF demuxer (gst-plugins-ugly) that allows remote attackers to trigger a denial of service with malicious video files whose extended stream properties contain an invalid number of languages. GStreamer versions before 1.10.3 are affected, and the vulnerability is triggered through local user interaction with a malicious media file, resulting in application crashes due to invalid memory access. While EPSS scoring indicates relatively low exploitation probability (0.80%, 74th percentile), this is a straightforward denial of service with clear triggering mechanisms.
Denial Of Service
Gstreamer
-
CVE-2017-5844
MEDIUM
CVSS 5.5
A floating point exception vulnerability exists in GStreamer's gst_riff_create_audio_caps function within gst-plugins-base versions prior to 1.10.3, allowing remote attackers to trigger a denial of service crash by supplying a specially crafted ASF (Advanced Systems Format) audio file. The vulnerability requires user interaction (file opening) but no elevated privileges, making it exploitable through common media playback scenarios. With an EPSS score of 0.72 (72nd percentile) and confirmed patch availability from the vendor, this represents a moderate real-world risk primarily affecting applications and systems that process untrusted media files.
Denial Of Service
Gstreamer
-
CVE-2017-5842
MEDIUM
CVSS 5.5
An out-of-bounds write vulnerability exists in the SAMI subtitle parser (samiparse.c) within GStreamer's gst-plugins-base library before version 1.10.3, triggered when processing maliciously crafted SMI subtitle files. The vulnerability allows remote attackers to cause a denial of service condition by crashing the application through memory corruption. With an EPSS score of 0.80% (74th percentile), patch availability from the vendor, and documented proof-of-concept files (OneNote_Manager.smi), this represents a low-to-moderate exploitation risk despite the moderate CVSS 5.5 score.
Denial Of Service
Buffer Overflow
Gstreamer
-
CVE-2017-5837
MEDIUM
CVSS 5.5
A floating-point exception vulnerability exists in the gst_riff_create_audio_caps function within GStreamer's gst-plugins-base library, allowing remote attackers to trigger a denial-of-service condition by crafting malicious video files. GStreamer versions before 1.10.3 are affected. The vulnerability has a moderate CVSS score of 5.5 but an EPSS percentile of 72%, indicating meaningful exploitation probability; a vendor patch is available.
Denial Of Service
Gstreamer
-
CVE-2016-10198
MEDIUM
CVSS 5.5
An invalid memory read vulnerability exists in the gst_aac_parse_sink_setcaps function within GStreamer's AAC audio parser component (gst-plugins-good). Remote attackers can trigger a denial of service by providing a specially crafted AAC audio file, causing the application to crash. With an EPSS score of 0.76% (73rd percentile) and low attack complexity requiring only user interaction to open a malicious file, this vulnerability represents a moderate practical risk despite the moderate CVSS 5.5 score.
Denial Of Service
Buffer Overflow
Linux
Gstreamer