CVE-2017-5842

MEDIUM 5.5 (CVSS 3.0)
2017-02-09

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 17, 2026 - 20:45 (vuln.today)
Patch Released: Mar 17, 2026 - 20:45 (nvd), patch available
CVE Published: Feb 09, 2017 - 15:59 (nvd), MEDIUM 5.5

Description

The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi.

Analysis

An out-of-bounds write vulnerability exists in the SAMI subtitle parser (samiparse.c) within GStreamer's gst-plugins-base library before version 1.10.3, triggered when processing maliciously crafted SMI subtitle files. The vulnerability allows remote attackers to cause a denial of service condition by crashing the application through memory corruption. With an EPSS score of 0.80% (74th percentile), patch availability from the vendor, and documented proof-of-concept files (OneNote_Manager.smi), this represents a low-to-moderate exploitation risk despite the moderate CVSS 5.5 score.

Technical Context

The vulnerability resides in the html_context_handle_element function within gst/subparse/samiparse.c, which is part of GStreamer's subtitle parsing subsystem. GStreamer (CPE: cpe:2.3:a:gstreamer:gstreamer) is a multimedia framework used across Linux distributions and media applications for audio/video processing and subtitle handling. The root cause is classified as CWE-787 (Out-of-bounds Write), where insufficient bounds checking in the SAMI parser allows an attacker-controlled SMI file to write data beyond allocated buffer boundaries. SAMI (Synchronized Accessible Media Interchange) is a legacy caption format commonly embedded in media containers; the parser fails to properly validate element attributes or buffer sizes before writing parsed content, leading to heap or stack corruption depending on memory layout.

Affected Products

GStreamer and gst-plugins-base versions prior to 1.10.3 are affected, as confirmed by the vendor advisory at https://gstreamer.freedesktop.org/releases/1.10/#1.10.3. The CPE designation cpe:2.3:a:gstreamer:gstreamer applies to all affected GStreamer installations. Multiple downstream distributions have issued security updates, including Debian (DSA-3819), Red Hat (RHSA-2017:2060), and Gentoo (GLSA-201705-10). Any application or system embedding GStreamer for multimedia playback, including those processing user-supplied subtitle files, is vulnerable if running versions before 1.10.3.

Remediation

Upgrade GStreamer and gst-plugins-base to version 1.10.3 or later as advised by the GStreamer project (https://gstreamer.freedesktop.org/releases/1.10/#1.10.3). For Linux distributions, apply official patches via package managers: Debian users should apply DSA-3819, Red Hat users should apply RHSA-2017:2060, and Gentoo users should apply GLSA-201705-10. Until patching is possible, restrict GStreamer to processing subtitle files from trusted sources only, disable automatic subtitle loading in media players, and avoid opening SAMI files (.smi) from untrusted origins. Organizations should prioritize patching systems in environments where GStreamer processes user-supplied or internet-sourced subtitle content.
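
A host-level check for the fixed version named above, as an added example that is not part of the original advisory: it reads the plugin version from `gst-inspect-1.0 subparse` output and compares it numerically against 1.10.3. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether the subparse plugin
# predates the fixed release named on this page.
FIXED="1.10.3"

# Pull the plugin version out of `gst-inspect-1.0 subparse` output on stdin.
subparse_version() {
    sed -n 's/^[[:space:]]*Version[[:space:]]\{1,\}\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 when version $1 is older than $2 (numeric major.minor.micro compare).
version_lt() {
    IFS=. read -r a1 a2 a3 _rest <<EOF
$1
EOF
    IFS=. read -r b1 b2 b3 _rest <<EOF
$2
EOF
    for pair in "${a1:-0}:${b1:-0}" "${a2:-0}:${b2:-0}" "${a3:-0}:${b3:-0}"; do
        l=${pair%%:*}; r=${pair##*:}
        [ "$l" -lt "$r" ] && return 0
        [ "$l" -gt "$r" ] && return 1
    done
    return 1
}

# Print "affected <v>", "fixed <v>" or "unknown" for inspect output on stdin.
assess() {
    v=$(subparse_version)
    if [ -z "$v" ]; then echo "unknown"; return 2; fi
    if version_lt "$v" "$FIXED"; then echo "affected $v"; else echo "fixed $v"; fi
}

# Constructed sample of the "Plugin Details" section (not captured from a host).
SAMPLE='Plugin Details:
  Name                     subparse
  Description              Subtitle parsing
  Version                  1.10.2
  Source module            gst-plugins-base'

printf '%s\n' "$SAMPLE" | assess
# On a live host: gst-inspect-1.0 subparse | assess
```

Distribution packages patched through DSA-3819, RHSA-2017:2060 or GLSA-201705-10 may carry the fix under an older upstream version number, so confirm an "affected" result against the distribution's advisory status before treating the host as unpatched.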

Priority Score

28
KEV: 0
EPSS: +0.8
CVSS: +28
POC: 0
