Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Title GStreamer Base Plugins vulnerability
Name USN-3958-1 First vendor Publication 2019-04-29
Vendor Ubuntu Last vendor Modification 2019-04-29
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS


GStreamer Base Plugins could be made to crash or run programs if it received specially crafted network traffic.

Software Description: - gst-plugins-base1.0: GStreamer plugins - gst-plugins-base0.10: GStreamer plugins


It was discovered that GStreamer Base Plugins did not correctly handle certain malformed RTSP streams. If a user were tricked into opening a crafted RTSP stream with a GStreamer application, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10:
gstreamer1.0-plugins-base 1.14.4-1ubuntu1.1

Ubuntu 18.04 LTS:
gstreamer1.0-plugins-base 1.14.1-1ubuntu1~ubuntu18.04.2

Ubuntu 16.04 LTS:
gstreamer0.10-plugins-base 0.10.36-2ubuntu0.2
gstreamer1.0-plugins-base 1.8.3-1ubuntu0.3

In general, a standard system update will make all the necessary changes.


Package Information:


Original Source

Url : http://www.ubuntu.com/usn/USN-3958-1

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Application 39
Os 3
Os 2

Alert History

If you want to see full details history, please login or register.
Date Informations
2020-03-19 13:20:11
  • First insertion