What is the severity of CVE-2017-5846?

CVE-2017-5846 has a severity rating classified as high due to its potential to cause denial of service.

How do I fix CVE-2017-5846?

To mitigate CVE-2017-5846, update GStreamer to version 1.10.3 or later.

What causes the vulnerability identified by CVE-2017-5846?

CVE-2017-5846 is caused by an invalid memory read in the gst_asf_demux_process_ext_stream_props function.

Which versions of GStreamer are affected by CVE-2017-5846?

GStreamer versions prior to 1.10.3 are affected by CVE-2017-5846.

Can CVE-2017-5846 be exploited remotely?

Yes, CVE-2017-5846 can be exploited remotely, allowing attackers to crash the application.

Vulnerability/
CVE-2017-5846

medium

5.5

CWE

125

9/2/2017

30/5/2020

CVE-2017-5846

First published: Thu Feb 09 2017(Updated: )

The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
GStreamer	<=1.10.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-5846?
CVE-2017-5846 has a severity rating classified as high due to its potential to cause denial of service.
How do I fix CVE-2017-5846?
To mitigate CVE-2017-5846, update GStreamer to version 1.10.3 or later.
What causes the vulnerability identified by CVE-2017-5846?
CVE-2017-5846 is caused by an invalid memory read in the gst_asf_demux_process_ext_stream_props function.
Which versions of GStreamer are affected by CVE-2017-5846?
GStreamer versions prior to 1.10.3 are affected by CVE-2017-5846.
Can CVE-2017-5846 be exploited remotely?
Yes, CVE-2017-5846 can be exploited remotely, allowing attackers to crash the application.

agent/weakness
agent/references
agent/author
agent/type
agent/event
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/severity
agent/description
vendor/gstreamer project
canonical/gstreamer
version/gstreamer/1.10.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.