1. Home
  2. CVE Database
  3. CVE-2016-9446
HIGH · 7.5

CVE-2016-9446

The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that ...

Vulnerability Description

The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
GstreamerGstreamer< 1.11.1
RedhatEnterprise Linux Desktop7.0
RedhatEnterprise Linux Eus7.4
RedhatEnterprise Linux Server7.0
RedhatEnterprise Linux Server Aus7.4
RedhatEnterprise Linux Server Tus7.6
RedhatEnterprise Linux Workstation7.0
FedoraprojectFedora35

Related Weaknesses (CWE)

CWE-665

References

FAQ

What is CVE-2016-9446?

CVE-2016-9446 is a vulnerability with a CVSS score of 7.5 (HIGH). The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that ...

How severe is CVE-2016-9446?

CVE-2016-9446 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-9446?

Check the references section above for vendor advisories and patch information. Affected products include: Gstreamer Gstreamer, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus.