Vulnerability Description
The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gstreamer | Gstreamer | 0.10.0 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2016-2974.html
- http://rhn.redhat.com/errata/RHSA-2017-0018.html
- http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-de
- http://www.openwall.com/lists/oss-security/2016/11/18/12
- http://www.openwall.com/lists/oss-security/2016/11/18/13
- http://www.securityfocus.com/bid/94427
- https://security.gentoo.org/glsa/201705-10
FAQ
What is CVE-2016-9447?
CVE-2016-9447 is a vulnerability with a CVSS score of 7.8 (HIGH). The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music fi...
How severe is CVE-2016-9447?
CVE-2016-9447 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-9447?
Check the references section above for vendor advisories and patch information. Affected products include: Gstreamer Gstreamer.