CVE-2017-5844
MEDIUM
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Description
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file.
Analysis
A floating point exception vulnerability exists in GStreamer's gst_riff_create_audio_caps function within gst-plugins-base versions prior to 1.10.3, allowing remote attackers to trigger a denial of service crash by supplying a specially crafted ASF (Advanced Systems Format) audio file. The vulnerability requires user interaction (file opening) but no elevated privileges, making it exploitable through common media playback scenarios. With an EPSS score of 0.72 (72nd percentile) and confirmed patch availability from the vendor, this represents a moderate real-world risk primarily affecting applications and systems that process untrusted media files.
Technical Context
The vulnerability resides in the gst-riff library (gst-libs/gst/riff/riff-media.c) within GStreamer's multimedia framework, specifically in the audio capability creation routine used to parse ASF container metadata. The root cause is classified as CWE-369 (Divide By Zero), indicating that the gst_riff_create_audio_caps function performs division or modulo operations on attacker-controlled values derived from ASF file headers without proper validation or bounds checking. GStreamer is a widely-used multimedia library (affected CPE: cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*) integrated into numerous desktop environments, media players, and web browsers for audio and video processing. The parsing occurs when GStreamer attempts to introspect codec parameters from malformed ASF container headers, which can specify invalid sample rates or channel configurations that lead to zero or null values in arithmetic operations.
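The kind of check that prevents this class of CWE-369 fault, as an added example that is not GStreamer's code or its patch: a parser for a 16-byte little-endian audio format header that rejects a zero channel count or sample rate before dividing by it. The WAVEFORMATEX field order is an assumption about the layout, and the function names, status codes, derived values and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* 16-byte little-endian audio format header (WAVEFORMATEX field order). */
typedef struct {
    uint16_t format_tag, channels;
    uint32_t sample_rate, avg_bytes_per_sec;
    uint16_t block_align, bits_per_sample;
} audio_hdr;

typedef enum { HDR_OK, HDR_TRUNCATED, HDR_ZERO_CHANNELS, HDR_ZERO_RATE } hdr_status;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Parse the header and compute derived values only after every divisor
 * taken from the file has been checked for zero. */
hdr_status parse_audio_hdr(const uint8_t *buf, size_t len, audio_hdr *h,
                           uint32_t *align_per_channel, uint32_t *bytes_per_frame)
{
    if (len < 16) return HDR_TRUNCATED;
    h->format_tag        = rd16(buf);
    h->channels          = rd16(buf + 2);
    h->sample_rate       = rd32(buf + 4);
    h->avg_bytes_per_sec = rd32(buf + 8);
    h->block_align       = rd16(buf + 12);
    h->bits_per_sample   = rd16(buf + 14);
    if (h->channels == 0)    return HDR_ZERO_CHANNELS;  /* divisor below */
    if (h->sample_rate == 0) return HDR_ZERO_RATE;      /* divisor below */
    *align_per_channel = h->block_align / h->channels;
    *bytes_per_frame   = h->avg_bytes_per_sec / h->sample_rate;
    return HDR_OK;
}

/* Constructed sample headers (not taken from any real file). */
static const uint8_t SAMPLE_OK[16]      = {1,0, 2,0, 0x44,0xAC,0,0, 0x10,0xB1,2,0, 4,0, 16,0};
static const uint8_t SAMPLE_ZERO_CH[16] = {1,0, 0,0, 0x44,0xAC,0,0, 0x10,0xB1,2,0, 4,0, 16,0};
static const uint8_t SAMPLE_ZERO_HZ[16] = {1,0, 2,0, 0,0,0,0,       0x10,0xB1,2,0, 4,0, 16,0};

int main(void)
{
    const uint8_t *samples[] = { SAMPLE_OK, SAMPLE_ZERO_CH, SAMPLE_ZERO_HZ };
    for (size_t i = 0; i < 3; i++) {
        audio_hdr h; uint32_t apc = 0, bpf = 0;
        hdr_status st = parse_audio_hdr(samples[i], 16, &h, &apc, &bpf);
        printf("sample %zu: status=%d align/ch=%u bytes/frame=%u\n", i, (int)st, (unsigned)apc, (unsigned)bpf);
    }
    return 0;
}
```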
Affected Products
GStreamer versions prior to 1.10.3 are affected, as confirmed by the CPE cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*. All distributions shipping gst-plugins-base with vulnerable GStreamer versions are susceptible, including Debian (addressed in DSA-3819, with extended support noted in February 2020 LTS announcements), Red Hat Enterprise Linux and derivatives (RHSA-2017:2060), and Gentoo Linux (GLSA-201705-10). The vulnerability specifically affects the gst-plugins-base package component, so systems with GStreamer versions 1.10.2 and earlier that process ASF audio files are at risk. The canonical vendor advisory is available at https://gstreamer.freedesktop.org/releases/1.10/#1.10.3, confirming version 1.10.3 as the fixed release.
Remediation
Immediately upgrade GStreamer and gst-plugins-base to version 1.10.3 or later (see vendor advisory at https://gstreamer.freedesktop.org/releases/1.10/#1.10.3). For distributions, apply the respective security updates: Debian systems should install the patched packages from DSA-3819, Red Hat systems should apply RHSA-2017:2060, and Gentoo systems should follow GLSA-201705-10 guidance. If immediate patching is not feasible, implement input validation at the application level by rejecting or sandboxing ASF files from untrusted sources, disable ASF/WMA codec support if not required, and isolate media processing to a restricted user account without network access. Organizations relying on older LTS distributions should prioritize backporting security fixes or planning upgrades, as Debian LTS patches were still being released for this vulnerability as of February 2020.