CVE-2016-9447
First published: Mon Jan 23 2017(Updated: )
The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.
Credit: meissner@suse.de security@opentext.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GStreamer | =0.10.0 | |
| GStreamer | =0.10.1 | |
| GStreamer | =0.10.2 | |
| GStreamer | =0.10.3 | |
| GStreamer | =0.10.4 | |
| GStreamer | =0.10.5 | |
| GStreamer | =0.10.6 | |
| GStreamer | =0.10.7 | |
| GStreamer | =0.10.8 | |
| GStreamer | =0.10.9 | |
| GStreamer | =0.10.10 | |
| GStreamer | =0.10.11 | |
| GStreamer | =0.10.12 | |
| GStreamer | =0.10.13 | |
| GStreamer | =0.10.14 | |
| GStreamer | =0.10.15 | |
| GStreamer | =0.10.16 | |
| GStreamer | =0.10.17 | |
| GStreamer | =0.10.18 | |
| GStreamer | =0.10.19 | |
| GStreamer | =0.10.20 | |
| GStreamer | =0.10.21 | |
| GStreamer | =0.10.22 | |
| GStreamer | =0.10.23 | |
| GStreamer | =0.10.24 | |
| GStreamer | =0.10.25 | |
| GStreamer | =0.10.26 | |
| GStreamer | =0.10.27 | |
| GStreamer | =0.10.28 | |
| GStreamer | =0.10.29 | |
| GStreamer | =0.10.30 | |
| GStreamer | =0.10.31 | |
| GStreamer | =0.10.32 | |
| GStreamer | =0.10.33 | |
| GStreamer | =0.10.34 | |
| GStreamer | =0.10.35 | |
| GStreamer | =0.10.36 | |
| =0.10.0 | ||
| =0.10.1 | ||
| =0.10.2 | ||
| =0.10.3 | ||
| =0.10.4 | ||
| =0.10.5 | ||
| =0.10.6 | ||
| =0.10.7 | ||
| =0.10.8 | ||
| =0.10.9 | ||
| =0.10.10 | ||
| =0.10.11 | ||
| =0.10.12 | ||
| =0.10.13 | ||
| =0.10.14 | ||
| =0.10.15 | ||
| =0.10.16 | ||
| =0.10.17 | ||
| =0.10.18 | ||
| =0.10.19 | ||
| =0.10.20 | ||
| =0.10.21 | ||
| =0.10.22 | ||
| =0.10.23 | ||
| =0.10.24 | ||
| =0.10.25 | ||
| =0.10.26 | ||
| =0.10.27 | ||
| =0.10.28 | ||
| =0.10.29 | ||
| =0.10.30 | ||
| =0.10.31 | ||
| =0.10.32 | ||
| =0.10.33 | ||
| =0.10.34 | ||
| =0.10.35 | ||
| =0.10.36 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2016-2974.html
- http://rhn.redhat.com/errata/RHSA-2017-0018.html
- http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html
- http://www.openwall.com/lists/oss-security/2016/11/18/12
- http://www.openwall.com/lists/oss-security/2016/11/18/13
- http://www.securityfocus.com/bid/94427
- https://security.gentoo.org/glsa/201705-10
Frequently Asked Questions
What is the severity of CVE-2016-9447?
CVE-2016-9447 has been classified with high severity due to the potential for remote denial of service and arbitrary code execution.
How do I fix CVE-2016-9447?
To fix CVE-2016-9447, it is recommended to update GStreamer to the latest version available that addresses this vulnerability.
What versions are affected by CVE-2016-9447?
CVE-2016-9447 affects GStreamer versions 0.10.0 through 0.10.36.
Can CVE-2016-9447 be exploited remotely?
Yes, CVE-2016-9447 can be exploited remotely through crafted NSF music files.
What symptoms may indicate exploitation of CVE-2016-9447?
Symptoms of exploitation of CVE-2016-9447 may include unexpected crashes or performance issues in applications using GStreamer.
- agent/type
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- agent/severity
- agent/first-publish-date
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/gstreamer project
- canonical/gstreamer
- version/gstreamer/0.10.0
- version/gstreamer/0.10.1
- version/gstreamer/0.10.2
- version/gstreamer/0.10.3
- version/gstreamer/0.10.4
- version/gstreamer/0.10.5
- version/gstreamer/0.10.6
- version/gstreamer/0.10.7
- version/gstreamer/0.10.8
- version/gstreamer/0.10.9
- version/gstreamer/0.10.10
- version/gstreamer/0.10.11
- version/gstreamer/0.10.12
- version/gstreamer/0.10.13
- version/gstreamer/0.10.14
- version/gstreamer/0.10.15
- version/gstreamer/0.10.16
- version/gstreamer/0.10.17
- version/gstreamer/0.10.18
- version/gstreamer/0.10.19
- version/gstreamer/0.10.20
- version/gstreamer/0.10.21
- version/gstreamer/0.10.22
- version/gstreamer/0.10.23
- version/gstreamer/0.10.24
- version/gstreamer/0.10.25
- version/gstreamer/0.10.26
- version/gstreamer/0.10.27
- version/gstreamer/0.10.28
- version/gstreamer/0.10.29
- version/gstreamer/0.10.30
- version/gstreamer/0.10.31
- version/gstreamer/0.10.32
- version/gstreamer/0.10.33
- version/gstreamer/0.10.34
- version/gstreamer/0.10.35
- version/gstreamer/0.10.36