CVE-2017-5846
MEDIUM
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Description
The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file.
Analysis
An out-of-bounds read vulnerability exists in GStreamer's ASF demuxer (gst-plugins-ugly). It allows remote attackers to trigger a denial of service with a crafted video file whose extended stream properties contain an invalid number of languages. GStreamer versions before 1.10.3 are affected, and the vulnerability is triggered through local user interaction with a malicious media file, resulting in application crashes due to invalid memory access. While EPSS scoring indicates relatively low exploitation probability (0.80%, 74th percentile), this is a straightforward denial of service with clear triggering mechanisms.
Technical Context
The vulnerability resides in the gst_asf_demux_process_ext_stream_props function within gst/asfdemux/gstasfdemux.c in GStreamer's gst-plugins-ugly library (CPE: cpe:2.3:a:gstreamer:gstreamer). ASF (Advanced Systems Format) is a multimedia container format developed by Microsoft, commonly used in WMV and WMA files. The flaw is classified as CWE-125 (Out-of-bounds Read), indicating the function fails to properly validate the number of languages field in extended stream properties before reading memory. When processing a crafted ASF file with a malformed language count, the demuxer reads beyond allocated buffer boundaries, causing memory access violations. This is a parsing vulnerability triggered during media file deserialization.
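The CWE-125 pattern described above, shown as an added example that is not GStreamer's code: a file-supplied language index used against a language table, first unchecked and then validated against the table size. The struct, function names and sample data are hypothetical and constructed for illustration, and the model assumes the flaw follows the common shape of an index from the file exceeding the parsed language count.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model (hypothetical names, not GStreamer's structures):
 * a language table parsed from the file, and a per-stream language
 * index taken from the extended stream properties. */
typedef struct {
    const char **languages;     /* table of language tags */
    uint16_t     num_languages; /* entries actually present in the table */
} demux_model;

/* Unchecked pattern: trusts an index that came from the file. With
 * lang_idx >= num_languages this reads past the table (CWE-125). */
const char *lang_lookup_unchecked(const demux_model *d, uint16_t lang_idx)
{
    return d->languages[lang_idx];
}

/* Checked pattern: validate the file-supplied index against the table
 * size before dereferencing; NULL means "no usable language tag". */
const char *lang_lookup_checked(const demux_model *d, uint16_t lang_idx)
{
    if (d == NULL || d->languages == NULL)
        return NULL;
    if (lang_idx >= d->num_languages)
        return NULL;
    return d->languages[lang_idx];
}

/* Constructed sample input: a two-entry language table. */
static const char *sample_tags[] = { "en-us", "de-de" };
static const demux_model sample = { sample_tags, 2 };

int main(void)
{
    uint16_t from_file[] = { 0, 1, 2, 0xFFFF }; /* constructed indices */
    for (size_t i = 0; i < sizeof from_file / sizeof from_file[0]; i++) {
        const char *tag = lang_lookup_checked(&sample, from_file[i]);
        printf("lang_idx=%u -> %s\n", (unsigned)from_file[i],
               tag ? tag : "(rejected)");
    }
    return 0;
}
```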
Affected Products
GStreamer versions prior to 1.10.3 are affected, specifically the gst-plugins-ugly component (CPE: cpe:2.3:a:gstreamer:gstreamer). Debian confirmed vulnerable packages in its security advisory DSA-3821 (http://www.debian.org/security/2017/dsa-3821) with further tracking in Debian LTS (https://lists.debian.org/debian-lts-announce/2020/05/msg00030.html). Gentoo also documented the vulnerability in GLSA-201705-10 (https://security.gentoo.org/glsa/201705-10). The vendor released GStreamer 1.10.3 as the patched version (https://gstreamer.freedesktop.org/releases/1.10/#1.10.3), indicating the fix was made available in February 2017.
Remediation
Upgrade GStreamer to version 1.10.3 or later immediately; users on older stable branches should check their distribution's backports (Debian LTS provides patched versions as noted in their announcement). Verify that gst-plugins-ugly is updated as part of the GStreamer installation, since the vulnerable code is in that plugin package. Until patching is complete, restrict user access to untrusted media files and educate users to avoid opening ASF/WMV files from untrusted sources. Organizations relying on GStreamer in media processing pipelines should prioritize this update and validate patches against regression testing with existing media assets. For further details, consult the official GStreamer release notes at https://gstreamer.freedesktop.org/releases/1.10/#1.10.3 and the Debian security advisory at http://www.debian.org/security/2017/dsa-3821.