vulnerability
Oracle Linux: CVE-2016-9445: ELSA-2016-2974: gstreamer-plugins-bad-free security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Nov 15, 2016 | Jan 5, 2017 | Dec 3, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Nov 15, 2016
Added
Jan 5, 2017
Modified
Dec 3, 2025
Description
Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.
An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Solutions
oracle-linux-upgrade-gstreamer1-plugins-bad-freeoracle-linux-upgrade-gstreamer1-plugins-bad-free-develoracle-linux-upgrade-gstreamer-plugins-bad-freeoracle-linux-upgrade-gstreamer-plugins-bad-free-develoracle-linux-upgrade-gstreamer-plugins-bad-free-devel-docsoracle-linux-upgrade-gstreamer-plugins-bad-free-extras
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.