{"id":"CVE-2017-5847","details":"The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors.","modified":"2026-05-30T09:15:14.563284Z","published":"2017-02-09T15:59:01.737Z","related":["openSUSE-SU-2024:10826-1","openSUSE-SU-2024:10827-1","openSUSE-SU-2024:10830-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"8.0"},{"last_affected":"9.0"}],"cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"vendor_product":"debian:debian_linux","source":"CPE_STRING"}]},"references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3821"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2017/02/01/7"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/96001"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00030.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201705-10"},{"type":"REPORT","url":"https://bugzilla.gnome.org/show_bug.cgi?id=777955#c3"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/02/02/9"},{"type":"FIX","url":"https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gstreamer/gst-plugins-ugly","events":[{"introduced":"0"},{"fixed":"d21017b52a585f145e8d62781bcc1c5fefc7ee37"}],"database_specific":{"source":"REFERENCES"}}],"versions":["1.11.1","1.10.0","1.11.0","1.9.90","1.9.2","1.9.1","1.8.0","1.7.91","1.7.90","1.7.2","1.7.1","1.6.0","1.5.91","1.5.90","1.5.2","1.5.1","1.4.0","1.3.91","1.3.90","1.3.3","1.3.2","1.3.1","1.2.0","1.1.90","1.1.4","1.1.3","1.1.2","1.1.1","1.0.2","1.0.1","1.0.0","RELEASE-0.11.99","RELEASE-0.11.94","RELEASE-0.11.93","RELEASE-0.11.92","RELEASE-0.11.91","RELEASE-0.11.90","RELEASE-0.11.2","RELEASE-0.11.1","RELEASE-0.10.16","RELEASE-0.10.15","RELEASE-0.10.14","RELEASE-0.10.13","RELEASE-0.10.12","RELEASE-0_10_11","GIT_CONVERSION","RELEASE-0_10_10","RELEASE-0_10_9","RELEASE-0_10_8","RELEASE-0_10_7","RELEASE-0_10_6","RELEASE-0_10_5","RELEASE-0_10_4","RELEASE-0_10_3","RELEASE-0_10_2","RELEASE-0_10_1","RELEASE-0_10_0","RELEASE-0_9_7","RELEASE-0_9_6","RELEASE-0_9_5","RELEASE-0_9_4","RELEASE-0_9_3","RELEASE-0_9_1","CHANGELOG_START","BRANCH-GSTREAMER-0_8-ROOT","BEFORE_INDENT","MOVE-TO-FDO","CAPS-MERGE-3","CAPS-ROOT","TYPEFIND-ROOT","BRANCH-ERROR-ROOT","OSLOSUMMIT1-200303051","CAPS","BRANCH-EVENTS2-ROOT","start"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-5847.json","vanir_signatures":[{"id":"CVE-2017-5847-23506d7f","deprecated":false,"signature_version":"v1","target":{"file":"gst/asfdemux/gstasfdemux.c"},"digest":{"line_hashes":["279684030150557829107098172575875080776","19223400032722769411560383618065099160","294554796417022036938768244122502567476","264586475648032328220308509779421841923","130953633987926223167011240672415699377","14289265267665371767476224094306881851","340143330638629988969640357432801681471","76767141884024629636231774568565135171"],"threshold":0.9},"source":"https://github.com/gstreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37","signature_type":"Line"},{"id":"CVE-2017-5847-8ff06da9","deprecated":false,"signature_version":"v1","target":{"function":"gst_asf_demux_process_ext_content_desc","file":"gst/asfdemux/gstasfdemux.c"},"digest":{"function_hash":"23874994487442955161043057906492805608","length":4604},"source":"https://github.com/gstreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37","signature_type":"Function"}],"vanir_signatures_modified":"2026-05-30T09:15:14Z"}},{"ranges":[{"type":"GIT","repo":"https://github.com/gstreamer/gstreamer","events":[{"introduced":"0"},{"fixed":"c40f6af547f9a3f48501245c5a642bac3b9d8df2"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"1.11.2"}],"cpe":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","source":"CPE_RANGE"}}],"versions":["gstreamer-vaapi-1.11.1","gstreamer-vaapi-1.10.0","gstreamer-vaapi-1.11.0","gstreamer-vaapi-1.9.90","gstreamer-vaapi-1.9.2","gstreamer-vaapi-1.9.1","gstreamer-vaapi-1.8.0","gstreamer-vaapi-1.7.91","gstreamer-vaapi-1.7.90","gstreamer-vaapi-1.6.0","gstreamer-vaapi-0.7.0","gstreamer-vaapi-0.6.0","gstreamer-vaapi-0.5.10"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-5847.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}