Published: 23/01/2017 Updated: 07/11/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 606

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote malicious users to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gstreamer project gstreamer 0.10.17
gstreamer project gstreamer 0.10.36
gstreamer project gstreamer 0.10.20
gstreamer project gstreamer 0.10.24
gstreamer project gstreamer 0.10.29
gstreamer project gstreamer 0.10.31
gstreamer project gstreamer 0.10.25
gstreamer project gstreamer 0.10.28
gstreamer project gstreamer 0.10.22
gstreamer project gstreamer 0.10.23
gstreamer project gstreamer 0.10.6
gstreamer project gstreamer 0.10.9
gstreamer project gstreamer 0.10.1
gstreamer project gstreamer 0.10.18
gstreamer project gstreamer 0.10.8
gstreamer project gstreamer 0.10.14
gstreamer project gstreamer 0.10.3
gstreamer project gstreamer 0.10.0
gstreamer project gstreamer 0.10.30
gstreamer project gstreamer 0.10.35
gstreamer project gstreamer 0.10.12
gstreamer project gstreamer 0.10.15
gstreamer project gstreamer 0.10.21
gstreamer project gstreamer 0.10.32
gstreamer project gstreamer 0.10.11
gstreamer project gstreamer 0.10.4
gstreamer project gstreamer 0.10.5
gstreamer project gstreamer 0.10.2
gstreamer project gstreamer 0.10.7
gstreamer project gstreamer 0.10.10
gstreamer project gstreamer 0.10.16
gstreamer project gstreamer 0.10.27
gstreamer project gstreamer 0.10.34
gstreamer project gstreamer 0.10.19
gstreamer project gstreamer 0.10.26
gstreamer project gstreamer 0.10.13
gstreamer project gstreamer 0.10.33

Synopsis Moderate: gstreamer-plugins-bad-free security update Type/Severity Security Advisory: Moderate Topic An update for gstreamer-plugins-bad-free is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerabilit ...

Synopsis Important: gstreamer-plugins-bad-free security update Type/Severity Security Advisory: Important Topic An update for gstreamer-plugins-bad-free is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabi ...

A memory corruption flaw was found in GStreamer's Nintendo NSF music file format decoding plug-in A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application ...

CWE-125 CWE-787 http://www.openwall.com/lists/oss-security/2016/11/18/13 http://rhn.redhat.com/errata/RHSA-2017-0018.html http://www.openwall.com/lists/oss-security/2016/11/18/12 http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html http://www.securityfocus.com/bid/94427 http://rhn.redhat.com/errata/RHSA-2016-2974.html https://security.gentoo.org/glsa/201705-10 https://access.redhat.com/errata/RHSA-2017:0018 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2016-9447

CVE-2016-9447

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect