The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.
CVSS Details
- CVSS 3.0 Base Score: 7.8
- CVSS 3.0 Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Covered by Rapid7
| Product | Vendor Advisory | Solution File | Added | Published |
|---|---|---|---|---|
| Centos_linux | — | centos-upgrade-gstreamer-plugins-bad-freecentos-upgrade-gstreamer-plugins-bad-free-debuginfocentos-upgrade-gstreamer-plugins-bad-free-develcentos-upgrade-gstreamer-plugins-bad-free-devel-docs | Jan 27, 2017 | Jan 9, 2017 |
| Debian | debian-upgrade-gst-plugins-bad0-10 | Mar 31, 2017 | Nov 20, 2016 | |
| Gentoo Linux | gentoo-linux-upgrade-media-libs-gst-plugins-badgentoo-linux-upgrade-media-libs-gst-plugins-basegentoo-linux-upgrade-media-libs-gst-plugins-goodgentoo-linux-upgrade-media-libs-gst-plugins-ugly | Oct 30, 2017 | Jan 23, 2017 | |
| Huawei Euleros 2_0_sp1 | huawei-euleros-2_0_sp1-upgrade-gstreamer-plugins-bad-freehuawei-euleros-2_0_sp1-upgrade-gstreamer-plugins-bad-free-develhuawei-euleros-2_0_sp1-upgrade-gstreamer-plugins-bad-free-devel-docs | Nov 30, 2017 | Jan 23, 2017 | |
| Huawei Euleros 2_0_sp2 | huawei-euleros-2_0_sp2-upgrade-gstreamer-plugins-bad-free | Nov 30, 2017 | Jan 23, 2017 | |
| Oracle Solaris | oracle-solaris-11-3-upgrade-library-audio-gstreamer-0-10-32-0-175-3-0-0-26-0 | Oct 31, 2018 | Jan 23, 2017 | |
| Oracle_linux | — | oracle-linux-upgrade-gstreamer-plugins-bad-freeoracle-linux-upgrade-gstreamer-plugins-bad-free-develoracle-linux-upgrade-gstreamer-plugins-bad-free-devel-docsoracle-linux-upgrade-gstreamer-plugins-bad-free-extras | Jan 5, 2017 | Nov 14, 2016 |
| Redhat_linux | — | redhat-upgrade-gstreamer-plugins-bad-freeredhat-upgrade-gstreamer-plugins-bad-free-debuginforedhat-upgrade-gstreamer-plugins-bad-free-develredhat-upgrade-gstreamer-plugins-bad-free-devel-docs | Jan 5, 2017 | Jan 5, 2017 |
| Suse | — | suse-upgrade-gstreamer-0_10-plugins-badsuse-upgrade-gstreamer-0_10-plugins-bad-develsuse-upgrade-gstreamer-0_10-plugins-bad-langsuse-upgrade-libgstbasecamerabinsrc-0_10-23suse-upgrade-libgstbasecamerabinsrc-0_10-23-32bitsuse-upgrade-libgstbasevideo-0_10-23suse-upgrade-libgstbasevideo-0_10-23-32bitsuse-upgrade-libgstcodecparsers-0_10-23suse-upgrade-libgstphotography-0_10-23suse-upgrade-libgstphotography-0_10-23-32bitsuse-upgrade-libgstsignalprocessor-0_10-23suse-upgrade-libgstsignalprocessor-0_10-23-32bitsuse-upgrade-libgstvdp-0_10-23suse-upgrade-libgstvdp-0_10-23-32bit | Jan 6, 2017 | Jan 5, 2017 |
| Ubuntu | ubuntu-upgrade-gst-plugins-bad0-10 | Nov 19, 2024 | Jan 23, 2017 |
Prioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub