Vulnerability Description
Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gstreamer | Gstreamer | 1.10.0 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2016-2974.html
- http://rhn.redhat.com/errata/RHSA-2017-0018.html
- http://rhn.redhat.com/errata/RHSA-2017-0021.html
- http://www.openwall.com/lists/oss-security/2016/11/18/12
- http://www.openwall.com/lists/oss-security/2016/11/18/13
- http://www.securityfocus.com/bid/94421
- https://bugzilla.gnome.org/show_bug.cgi?id=774533
- https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/gst/vmnc/vmncdec.c
- https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-i
- https://security.gentoo.org/glsa/201705-10
- http://rhn.redhat.com/errata/RHSA-2016-2974.html
- http://rhn.redhat.com/errata/RHSA-2017-0018.html
- http://rhn.redhat.com/errata/RHSA-2017-0021.html
- http://www.openwall.com/lists/oss-security/2016/11/18/12
- http://www.openwall.com/lists/oss-security/2016/11/18/13
FAQ
What is CVE-2016-9445?
CVE-2016-9445 is a vulnerability with a CVSS score of 7.5 (HIGH). Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.
How severe is CVE-2016-9445?
CVE-2016-9445 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-9445?
Check the references section above for vendor advisories and patch information. Affected products include: Gstreamer Gstreamer.