Published: 27/01/2017 Updated: 05/01/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer prior to 1.10.2 allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gstreamer gstreamer
redhat enterprise linux workstation 6.0
redhat enterprise linux hpc node 6.0
redhat enterprise linux desktop 6.0
redhat enterprise linux server 6.0
debian debian linux 8.0

Debian Bug report logs - #845375 gst-plugins-good10: CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 Package: src:gst-plugins-good10; Maintainer for src:gst-plugins-good10 is Maintainers of GStreamer packages <gst-plugins-good10@packagesdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 22 No ...

Synopsis Important: gstreamer-plugins-good security update Type/Severity Security Advisory: Important Topic An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Sco ...

Synopsis Moderate: gstreamer1-plugins-good security update Type/Severity Security Advisory: Moderate Topic An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scor ...

Synopsis Moderate: gstreamer-plugins-good security update Type/Severity Security Advisory: Moderate Topic An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scorin ...

Chris Evans discovered that the GStreamer 10 plugin used to decode files in the FLIC format allowed execution of arbitrary code Further details can be found in his advisory at scarybeastsecurityblogspotde/2016/11/0day-exploit-advancing-exploitationhtml For the stable distribution (jessie), these problems have been fixed in version 14 ...

Chris Evans discovered that the GStreamer 010 plugin used to decode files in the FLIC format allowed execution of arbitrary code Further details can be found in his advisory at scarybeastsecurityblogspotde/2016/11/0day-exploit-advancing-exploitationhtml This update removes the insecure FLIC file format plugin For the stable distributi ...

Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application ...

CWE-119 https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html https://gstreamer.freedesktop.org/releases/1.10/#1.10.2 https://bugzilla.gnome.org/show_bug.cgi?id=774834 http://www.securityfocus.com/bid/94499 http://www.openwall.com/lists/oss-security/2016/11/24/2 http://www.debian.org/security/2016/dsa-3724 http://www.debian.org/security/2016/dsa-3723 http://rhn.redhat.com/errata/RHSA-2016-2975.html https://security.gentoo.org/glsa/201705-10 http://rhn.redhat.com/errata/RHSA-2017-0020.html http://rhn.redhat.com/errata/RHSA-2017-0019.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845375 https://nvd.nist.gov https://www.debian.org/security/./dsa-3723

CVE-2016-9634

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect