CVE-2016-9813

MEDIUM

GStreamer < 1.10.1 - Denial of Service via MPEG-TS PAT Parser

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-9813. PoCs published by Hanno Boeck.

AI-analyzed exploit summary This exploit demonstrates a null pointer dereference vulnerability in the GStreamer mpegts parser, leading to a segmentation fault. The provided file triggers the issue in the `_parse_pat` function, as confirmed by the AddressSanitizer stack trace.

Description

The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Hanno Boeck · textdoslinux

https://www.exploit-db.com/exploits/42162

View Code ZIP pw:eip

This exploit demonstrates a null pointer dereference vulnerability in the GStreamer mpegts parser, leading to a segmentation fault. The provided file triggers the issue in the `_parse_pat` function, as confirmed by the AddressSanitizer stack trace.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: GStreamer gst-plugins-bad (specific version not specified)

No auth needed

Prerequisites: A malformed mpegts file to trigger the null pointer dereference

MITRE ATT&CK