CVE-2019-9928

Опубликовано: 24 апр. 2019

Источник: debian

EPSS Средний

Описание

GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
gst-plugins-base1.0	fixed	1.15.90-1	experimental	package
gst-plugins-base1.0	fixed	1.14.4-2		package
gst-plugins-base0.10	removed			package

Примечания

https://gstreamer.freedesktop.org/security/sa-2019-0001.html
https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/merge_requests/157
https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/commit/f672277509705c4034bc92a141eefee4524d15aa (1.15.90)

EPSS

Процентиль: 95%

0.17603

Средний

Связанные уязвимости

CVE-2019-9928

CVSS3: 8.8

ubuntu

почти 7 лет назад

GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.

CVE-2019-9928

CVSS3: 7.5

redhat

почти 7 лет назад

GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.

CVE-2019-9928

CVSS3: 8.8

nvd

почти 7 лет назад

GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.

openSUSE-SU-2020:0678-1

suse-cvrf

больше 5 лет назад

Security update for gstreamer-plugins-base

openSUSE-SU-2019:1639-1

suse-cvrf

больше 6 лет назад

Security update for gstreamer-plugins-base

EPSS

Процентиль: 95%

0.17603

Средний