[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2017-5840":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T14:55:36.164Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":23,"aliases":24,"duplicate_of":9,"upstream":25,"downstream":26,"duplicates":49,"related":50,"reserved_at":9,"published_at":54,"modified_at":55,"state":56,"summary":57,"references_raw":66,"kevs":117,"epss":118,"epss_history":121,"metrics":373,"affected":383},"CVE-2017-5840","The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-125","Out-of-bounds Read","The product reads data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-540","Overread Buffers",[],[],[],[],[27,29,31,33,35,37,39,41,43,45,47],{"_key":28},"ALPINE-CVE-2017-5840",{"_key":30},"SUSE-SU-2017:1004-1",{"_key":32},"SUSE-SU-2017:1010-1",{"_key":34},"DLA-2225-1",{"_key":36},"DLA-828-1",{"_key":38},"DSA-3820-1",{"_key":40},"MGASA-2017-0348",{"_key":42},"UBUNTU-CVE-2017-5840",{"_key":44},"USN-3245-1",{"_key":46},"DEBIAN-CVE-2017-5840",{"_key":48},"RHSA-2017:2060",[],[51,52,53],{"_key":30},{"_key":32},{"_key":40},"2017-02-09T15:00:00.000Z","2024-08-05T15:11:48.806Z","Modified",{"cisa_kev":58,"cisa_ransomware":58,"cisa_vendor":9,"epss_severity":59,"epss_score":60,"severity":61,"severity_score":62,"severity_version":63,"severity_source":64,"severity_vector":65,"severity_status":56},false,"low",0.03769,"high",7.5,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[67,75,81,86,92,99,104,109,113],{"url":68,"sources":69,"tags":71},"http://www.securityfocus.com/bid/96001",[70,64],"cve.org",[72,73,74],"VDB Entry","X Refsource BID","Third Party Advisory",{"url":76,"sources":77,"tags":78},"http://www.debian.org/security/2017/dsa-3820",[70,64],[79,80],"Vendor Advisory","X Refsource DEBIAN",{"url":82,"sources":83,"tags":84},"https://access.redhat.com/errata/RHSA-2017:2060",[70,64],[79,85],"X Refsource REDHAT",{"url":87,"sources":88,"tags":89},"https://bugzilla.gnome.org/show_bug.cgi?id=777469",[70,64],[90,91],"X Refsource CONFIRM","Issue Tracking",{"url":93,"sources":94,"tags":95},"http://www.openwall.com/lists/oss-security/2017/02/02/9",[70,64],[96,97,98,74],"Mailing List","X Refsource MLIST","Patch",{"url":100,"sources":101,"tags":102},"https://gstreamer.freedesktop.org/releases/1.10/#1.10.3",[70,64],[90,103,79],"Release Notes",{"url":105,"sources":106,"tags":107},"https://security.gentoo.org/glsa/201705-10",[70,64],[79,108],"X Refsource GENTOO",{"url":110,"sources":111,"tags":112},"http://www.openwall.com/lists/oss-security/2017/02/01/7",[70,64],[96,97,74],{"url":114,"sources":115,"tags":116},"https://lists.debian.org/debian-lts-announce/2020/05/msg00029.html",[70,64],[96,97],[],{"date":119,"score":60,"percentile":120},"2026-06-05",0.88269,[122,126,128,131,134,137,140,142,145,148,151,154,157,159,161,165,168,171,174,177,179,182,185,188,191,194,196,198,201,203,205,208,210,212,214,217,220,223,226,229,232,234,236,239,242,245,248,250,253,256,258,261,264,267,270,273,276,278,281,284,287,290,292,295,297,299,301,304,307,310,312,314,317,320,323,326,330,333,337,340,344,347,350,353,356,359,362,365,367,370],{"date":123,"score":124,"percentile":125},"2025-11-04",0.14085,0.94058,{"date":127,"score":124,"percentile":125},"2025-11-05",{"date":129,"score":124,"percentile":130},"2025-11-06",0.94061,{"date":132,"score":124,"percentile":133},"2025-11-07",0.94063,{"date":135,"score":124,"percentile":136},"2025-11-08",0.94064,{"date":138,"score":124,"percentile":139},"2025-11-09",0.94062,{"date":141,"score":124,"percentile":136},"2025-11-10",{"date":143,"score":124,"percentile":144},"2025-11-11",0.94066,{"date":146,"score":124,"percentile":147},"2025-11-12",0.94071,{"date":149,"score":124,"percentile":150},"2025-11-13",0.94072,{"date":152,"score":124,"percentile":153},"2025-11-14",0.94074,{"date":155,"score":124,"percentile":156},"2025-11-15",0.9407,{"date":158,"score":124,"percentile":153},"2025-11-16",{"date":160,"score":124,"percentile":150},"2025-11-17",{"date":162,"score":163,"percentile":164},"2025-11-18",0.07783,0.91075,{"date":166,"score":163,"percentile":167},"2025-11-19",0.91079,{"date":169,"score":163,"percentile":170},"2025-11-20",0.91085,{"date":172,"score":124,"percentile":173},"2025-11-21",0.94079,{"date":175,"score":124,"percentile":176},"2025-11-22",0.94077,{"date":178,"score":124,"percentile":173},"2025-11-23",{"date":180,"score":124,"percentile":181},"2025-11-24",0.94081,{"date":183,"score":124,"percentile":184},"2025-11-25",0.94084,{"date":186,"score":124,"percentile":187},"2025-11-26",0.94085,{"date":189,"score":124,"percentile":190},"2025-11-27",0.94087,{"date":192,"score":124,"percentile":193},"2025-11-28",0.94083,{"date":195,"score":124,"percentile":193},"2025-11-29",{"date":197,"score":124,"percentile":193},"2025-11-30",{"date":199,"score":124,"percentile":200},"2025-12-01",0.94126,{"date":202,"score":124,"percentile":200},"2025-12-02",{"date":204,"score":124,"percentile":200},"2025-12-03",{"date":206,"score":124,"percentile":207},"2025-12-04",0.9408,{"date":209,"score":124,"percentile":184},"2025-12-05",{"date":211,"score":124,"percentile":187},"2025-12-06",{"date":213,"score":124,"percentile":193},"2025-12-07",{"date":215,"score":124,"percentile":216},"2025-12-08",0.94086,{"date":218,"score":124,"percentile":219},"2025-12-09",0.94092,{"date":221,"score":124,"percentile":222},"2025-12-10",0.941,{"date":224,"score":124,"percentile":225},"2025-12-11",0.94102,{"date":227,"score":124,"percentile":228},"2025-12-12",0.94105,{"date":230,"score":124,"percentile":231},"2025-12-13",0.94103,{"date":233,"score":124,"percentile":225},"2025-12-14",{"date":235,"score":124,"percentile":228},"2025-12-15",{"date":237,"score":124,"percentile":238},"2025-12-16",0.9411,{"date":240,"score":124,"percentile":241},"2025-12-17",0.94112,{"date":243,"score":124,"percentile":244},"2025-12-18",0.94118,{"date":246,"score":124,"percentile":247},"2025-12-19",0.94119,{"date":249,"score":124,"percentile":244},"2025-12-20",{"date":251,"score":124,"percentile":252},"2025-12-21",0.94121,{"date":254,"score":124,"percentile":255},"2025-12-22",0.9412,{"date":257,"score":124,"percentile":247},"2025-12-23",{"date":259,"score":124,"percentile":260},"2025-12-24",0.94124,{"date":262,"score":124,"percentile":263},"2025-12-25",0.9413,{"date":265,"score":124,"percentile":266},"2025-12-26",0.94129,{"date":268,"score":124,"percentile":269},"2025-12-27",0.94171,{"date":271,"score":124,"percentile":272},"2025-12-28",0.94128,{"date":274,"score":124,"percentile":275},"2025-12-29",0.94127,{"date":277,"score":124,"percentile":266},"2025-12-30",{"date":279,"score":124,"percentile":280},"2025-12-31",0.94135,{"date":282,"score":124,"percentile":283},"2026-01-01",0.94176,{"date":285,"score":124,"percentile":286},"2026-01-02",0.94172,{"date":288,"score":124,"percentile":289},"2026-01-03",0.94167,{"date":291,"score":124,"percentile":272},"2026-01-04",{"date":293,"score":124,"percentile":294},"2026-01-05",0.94125,{"date":296,"score":124,"percentile":200},"2026-01-06",{"date":298,"score":124,"percentile":200},"2026-01-07",{"date":300,"score":124,"percentile":263},"2026-01-08",{"date":302,"score":124,"percentile":303},"2026-01-09",0.94132,{"date":305,"score":124,"percentile":306},"2026-01-10",0.94133,{"date":308,"score":124,"percentile":309},"2026-01-11",0.94131,{"date":311,"score":124,"percentile":272},"2026-01-12",{"date":313,"score":124,"percentile":263},"2026-01-13",{"date":315,"score":124,"percentile":316},"2026-01-14",0.94136,{"date":318,"score":124,"percentile":319},"2026-01-15",0.94137,{"date":321,"score":124,"percentile":322},"2026-01-16",0.94141,{"date":324,"score":124,"percentile":325},"2026-01-17",0.94145,{"date":327,"score":328,"percentile":329},"2026-01-18",0.11259,0.93295,{"date":331,"score":328,"percentile":332},"2026-01-19",0.93296,{"date":334,"score":335,"percentile":336},"2026-01-20",0.09874,0.92769,{"date":338,"score":335,"percentile":339},"2026-01-21",0.92775,{"date":341,"score":342,"percentile":343},"2026-01-22",0.09638,0.92661,{"date":345,"score":342,"percentile":346},"2026-01-23",0.92667,{"date":348,"score":342,"percentile":349},"2026-01-24",0.92676,{"date":351,"score":328,"percentile":352},"2026-01-25",0.93315,{"date":354,"score":328,"percentile":355},"2026-01-26",0.93317,{"date":357,"score":328,"percentile":358},"2026-01-27",0.93319,{"date":360,"score":328,"percentile":361},"2026-01-28",0.93323,{"date":363,"score":328,"percentile":364},"2026-01-29",0.93324,{"date":366,"score":328,"percentile":361},"2026-01-30",{"date":368,"score":328,"percentile":369},"2026-01-31",0.93325,{"date":371,"score":328,"percentile":372},"2026-02-01",0.93363,[374],{"source":64,"cvss_v2_0":375,"cvss_v3_0":380,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":376,"baseSeverity":9,"vectorString":377,"impactScore":378,"exploitabilityScore":379},5,"AV:N/AC:L/Au:N/C:N/I:N/A:P",2.9,10,{"baseScore":62,"baseSeverity":381,"vectorString":65,"impactScore":382,"exploitabilityScore":379},"HIGH",6,[384,395],{"ecosystem":9,"name":385,"vendor":386,"product":385,"cpe_part":387,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":388},"gstreamer","gstreamer_project","a",[389],{"version":390,"is_range":391,"range_type":392,"version_start":9,"version_start_type":9,"version_end":393,"version_end_type":394,"fixed_in":9},"lte1.10.2",true,"cpe","1.10.2","including",{"ecosystem":9,"name":385,"vendor":385,"product":385,"cpe_part":387,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":396},[397],{"version":390,"is_range":391,"range_type":392,"version_start":9,"version_start_type":9,"version_end":393,"version_end_type":394,"fixed_in":9}]