CVE-2017-5848 in GStreamer
Summary
by MITRE
The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 03/17/2026
The vulnerability identified as CVE-2017-5848 resides within the GStreamer multimedia framework's gst-plugins-bad component, specifically in the gst_ps_demux_parse_psm function located in gst/mpegdemux/gstmpegdemux.c. This function is responsible for parsing Program Stream Maps (PSM) which are essential elements in MPEG-2 transport streams and program streams. The flaw manifests when processing malformed PSM data structures that can be embedded within media files or streams, creating a scenario where remote attackers can manipulate the parsing logic to trigger unexpected behavior. The vulnerability classifies under CWE-125, which represents an out-of-bounds read condition, and aligns with ATT&CK technique T1499.004 for denial of service attacks targeting application stability.
The technical exploitation of this vulnerability occurs when the gst_ps_demux_parse_psm function attempts to parse malformed PSM data without adequate input validation or bounds checking. The function processes program stream map information that contains metadata about the structure and content of MPEG-2 streams, including details about elementary streams and their associated identifiers. When attackers provide specially crafted PSM data that exceeds expected boundaries or contains invalid field values, the parsing routine can access memory locations beyond the allocated buffer space. This invalid memory read causes the application to crash, resulting in a denial of service condition that affects the entire GStreamer pipeline processing the malicious content.
The operational impact of CVE-2017-5848 extends beyond simple service disruption, as it represents a critical weakness in multimedia processing frameworks that are widely deployed across various platforms and applications. Systems relying on GStreamer for video processing, streaming services, media players, and content delivery networks become vulnerable to remote exploitation through crafted media files or network streams. The vulnerability affects not only desktop applications but also server-side components that process user-uploaded media content, creating potential attack vectors through file upload portals, content management systems, and streaming platforms. This makes the vulnerability particularly dangerous in environments where untrusted media content is processed, as it can be exploited to crash services or applications without requiring elevated privileges or specific user interaction.
Mitigation strategies for CVE-2017-5848 should focus on immediate patching of affected GStreamer installations, particularly versions prior to 1.12.1 where the vulnerability was addressed. Organizations should implement input validation mechanisms that sanitize media file headers and metadata before processing, ensuring that PSM data conforms to expected formats and boundaries. Network-based mitigations can include content filtering systems that scan media files for known malicious patterns or employ sandboxing techniques to isolate media processing components. Additionally, implementing proper error handling and graceful degradation mechanisms can help prevent complete application crashes when malformed data is encountered. The vulnerability highlights the importance of robust input validation in multimedia frameworks and demonstrates how seemingly minor parsing flaws can result in significant security impacts, reinforcing the need for comprehensive security testing and code review processes in multimedia processing libraries.