Denial of Service Vulnerability in GStreamer 0.10.x Products
CVE-2016-9447

7.8HIGH

Key Information:

Vendor

Gstreamer Project

Status
Gstreamer
Vendor
CVE Published:
23 January 2017

What is CVE-2016-9447?

The NSF decoder in GStreamer version 0.10.x has a vulnerability that allows remote attackers to exploit vulnerabilities through specially crafted NSF music files. These files can lead to denial of service due to out-of-bounds reads or writes, and in some cases, may allow for the execution of arbitrary code, posing significant security risks to systems using this software. Users are recommended to update their instances to mitigate potential threats.

References

http://www.openwall.com/lists/oss-security/2016/11/18/13
mailing-listx_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2017-0018.html
vendor-advisoryx_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2016/11/18/12
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.