vulnerability

Oracle Linux: CVE-2016-9445: ELSA-2016-2974: gstreamer-plugins-bad-free security update (IMPORTANT) (Multiple Advisories)

Severity
8
CVSS
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published
11/15/2016
Added
01/05/2017
Modified
01/07/2025

Description

Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.
An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

Solution(s)

oracle-linux-upgrade-gstreamer1-plugins-bad-freeoracle-linux-upgrade-gstreamer1-plugins-bad-free-develoracle-linux-upgrade-gstreamer-plugins-bad-freeoracle-linux-upgrade-gstreamer-plugins-bad-free-develoracle-linux-upgrade-gstreamer-plugins-bad-free-devel-docsoracle-linux-upgrade-gstreamer-plugins-bad-free-extras
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.