PatchSiren cyber security CVE debrief

CVE-2017-5839 GStreamer CVE debrief

CVE-2017-5839 is a remotely triggerable denial-of-service issue in GStreamer’s gst-plugins-base component. The vulnerable code path can recurse too deeply when handling nested WAVEFORMATEX content, leading to stack overflow and crash. NVD rates the issue as high severity and maps affected versions through 1.10.2, with 1.10.3 referenced as the fix in the vendor release notes.

Vendor: GStreamer
Product: CVE-2017-5839
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-09
Original CVE updated: 2026-05-13
Advisory published: 2017-02-09
Advisory updated: 2026-05-13

Who should care

Security and platform teams running GStreamer or gst-plugins-base 1.10.2 or earlier, especially in products that parse untrusted audio/video files or streams. Package maintainers and distro teams should also verify whether they have backported the fix into older builds.

Technical summary

The vulnerable function is gst_riff_create_audio_caps() in gst-libs/gst/riff/riff-media.c. According to the supplied NVD record, it does not properly limit recursion when processing nested WAVEFORMATEX structures, creating a stack overflow condition that can crash the process. The NVD metadata maps this to CWE-674 and uses CVSS v3.0 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, with the affected CPE range ending at version 1.10.2.
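The defect class above (CWE-674, recursion with no depth bound over attacker-controlled nesting) and its mitigation can be shown with a small parser. The following is an added example written for this debrief; it is not GStreamer code, does not use the real WAVEFORMATEX layout, and the constructed two-byte header format, the tag value TAG_EXTENSIBLE and the bound MAX_NESTING are all assumptions chosen for illustration. The point it demonstrates is the hardened shape: the recursion depth is passed explicitly and checked before every recursive call, so a deeply nested chain is rejected with an error instead of exhausting the stack.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed toy format (NOT the real WAVEFORMATEX layout):
 *   byte 0       : format tag; TAG_EXTENSIBLE means the payload is itself a header
 *   byte 1       : payload length N
 *   bytes 2..N+1 : payload
 * A concrete tag (anything but TAG_EXTENSIBLE) ends the chain. */
#define TAG_EXTENSIBLE 0xFEu
/* Hypothetical nesting ceiling; the page does not state GStreamer's own value. */
#define MAX_NESTING 4u

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_DEEP = -2 };

/* Resolve the innermost concrete tag of a (possibly nested) header.
 * `depth` is carried explicitly so the recursion has a hard ceiling; the
 * vulnerable pattern is this same recursion with the MAX_NESTING check absent. */
static int parse_format(const uint8_t *buf, size_t len, unsigned depth, unsigned *out_tag)
{
    if (len < 2)
        return PARSE_TRUNCATED;
    unsigned tag = buf[0];
    size_t payload = buf[1];
    if (payload > len - 2)              /* payload must fit inside the buffer */
        return PARSE_TRUNCATED;
    if (tag != TAG_EXTENSIBLE) {
        *out_tag = tag;
        return PARSE_OK;
    }
    if (depth >= MAX_NESTING)           /* the bound that turns a crash into an error */
        return PARSE_TOO_DEEP;
    return parse_format(buf + 2, payload, depth + 1, out_tag);
}

/* Constructed test input: wrap a concrete tag in `levels` extensible headers.
 * Returns the number of bytes written, or 0 if it does not fit. */
static size_t build_nested(uint8_t *out, size_t cap, unsigned levels, unsigned inner_tag)
{
    size_t total = 2u * (levels + 1u);
    if (total > cap || total - 2u > 255u)   /* length field is one byte */
        return 0;
    for (unsigned i = 0; i < levels; i++) {
        out[2 * i] = TAG_EXTENSIBLE;
        out[2 * i + 1] = (uint8_t)(total - 2u * (i + 1u));
    }
    out[2 * levels] = (uint8_t)inner_tag;
    out[2 * levels + 1] = 0;
    return total;
}

/* Build a chain of `levels` wrappers and parse it from depth 0.
 * Returns the innermost tag (>= 0) or a negative parse_status. */
static int nested_chain_result(unsigned levels, unsigned inner_tag)
{
    uint8_t buf[256];
    size_t n = build_nested(buf, sizeof buf, levels, inner_tag);
    if (n == 0)
        return PARSE_TRUNCATED;
    unsigned tag = 0;
    int rc = parse_format(buf, n, 0, &tag);
    return rc == PARSE_OK ? (int)tag : rc;
}

/* A header whose declared payload length exceeds the bytes actually present. */
static int truncated_sample_result(void)
{
    const uint8_t sample[4] = { TAG_EXTENSIBLE, 10, 0x01, 0 };  /* constructed */
    unsigned tag = 0;
    return parse_format(sample, sizeof sample, 0, &tag);
}

int main(void)
{
    printf("flat header        -> %d\n", nested_chain_result(0, 0x01));
    printf("4 nested wrappers  -> %d\n", nested_chain_result(4, 0x55));
    printf("5 nested wrappers  -> %d (PARSE_TOO_DEEP)\n", nested_chain_result(5, 0x01));
    printf("100 nested wrappers-> %d (PARSE_TOO_DEEP)\n", nested_chain_result(100, 0x01));
    printf("truncated payload  -> %d (PARSE_TRUNCATED)\n", truncated_sample_result());
    return 0;
}
```

The check a reviewer looks for in any such parser is that the depth counter is incremented on every recursive call and compared before the call is made; a bound applied only at the top level, or one that counts bytes rather than nesting levels, does not close this class of issue.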

Defensive priority

High. This is network-reachable, requires no privileges or user interaction, and can take down parsing services or applications that handle untrusted media content.

Recommended defensive actions

  • Upgrade GStreamer / gst-plugins-base to 1.10.3 or later, or install a vendor backport that includes the fix.
  • Confirm deployed package versions; ensure no 1.10.2-or-earlier binaries remain in production images, appliances, or containers.
  • Review vendor and distribution advisories for backported remediation, including Debian DSA-3819, RHSA-2017:2060, and Gentoo GLSA 201705-10.
  • Reduce exposure of media-parsing services to untrusted inputs until patched, and prefer sandboxing or process isolation where feasible.
  • Monitor for repeated crashes in media-processing workloads as an indicator that vulnerable parsing paths may still be present.

Evidence notes

The supplied NVD record identifies the vulnerable component as GStreamer gst-plugins-base and lists the affected version range through 1.10.2. It also records CWE-674 and CVSS v3.0 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, which supports a remote availability-impacting crash. The vendor release notes reference GStreamer 1.10.3, and the corpus includes related advisories from Debian, Red Hat, Gentoo, GNOME issue tracking, Openwall mailing list posts, and SecurityFocus.

Official resources

Publicly disclosed on 2017-02-09. The supplied record was later modified in NVD on 2026-05-13, but the vulnerability date of record remains the 2017 publication timestamp; the corpus references GStreamer 1.10.3 as the fix.