GStreamer CVE-2016-10199
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value.
AnalysisAI
A memory safety vulnerability in GStreamer's MP4/QuickTime demuxer allows remote attackers to trigger an out-of-bounds read when processing malformed tag values in media files. The vulnerability affects GStreamer versions before 1.10.3 and can cause application crashes when parsing specially crafted MP4/MOV files. With an EPSS score of 3.13% (87th percentile), this vulnerability has moderate exploitation likelihood in the wild.
Technical ContextAI
The vulnerability exists in the qtdemux_tag_add_str_full function within the gst/isomp4/qtdemux.c component of the gst-plugins-good package in GStreamer multimedia framework (CPE: cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*). This function handles metadata tag parsing in ISO MP4/QuickTime format files. The root cause is a CWE-125 (Out-of-bounds Read) condition where the code fails to properly validate tag value boundaries before reading memory, leading to potential information disclosure through memory contents beyond the intended buffer.
RemediationAI
Upgrade GStreamer to version 1.10.3 or later as documented in the official GStreamer release notes at https://gstreamer.freedesktop.org/releases/1.10/#1.10.3. Linux distribution users should apply vendor-specific security updates: Debian users should reference DSA-3820, Red Hat users should apply RHSA-2017:2060, and Gentoo users should follow GLSA 201705-10. As a temporary mitigation until patching is complete, consider implementing input validation for media files from untrusted sources or isolating media processing operations in sandboxed environments to limit the impact of potential crashes.
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today