A crafted AAC audio file could have caused an invalid read and thus corruption or denial of service (CVE-2016-10198). A crafted mp4 file could have caused an invalid read and thus corruption or denial of service (CVE-2016-10199). A crafted AVI file could have caused an invalid read and thus corruption or denial of service (CVE-2017-5840). A crafted AVI file with metadata tag entries (ncdt) could have caused invalid read access and thus corruption or denial of service (CVE-2017-5841). A crafted AVI file could have caused an invalid read access resulting in denial of service (CVE-2017-5845). Note that GStreamer 0.10 was only affected by CVE-2016-10198 and CVE-2017-5840.