vulnerability
Oracle Linux: CVE-2016-9445: ELSA-2016-2974: gstreamer-plugins-bad-free security update (IMPORTANT) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:H/Au:N/C:C/I:C/A:C) | 11/15/2016 | 01/05/2017 | 01/07/2025 |
Severity
8
CVSS
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published
11/15/2016
Added
01/05/2017
Modified
01/07/2025
Description
Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.
An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Solution(s)
oracle-linux-upgrade-gstreamer1-plugins-bad-freeoracle-linux-upgrade-gstreamer1-plugins-bad-free-develoracle-linux-upgrade-gstreamer-plugins-bad-freeoracle-linux-upgrade-gstreamer-plugins-bad-free-develoracle-linux-upgrade-gstreamer-plugins-bad-free-devel-docsoracle-linux-upgrade-gstreamer-plugins-bad-free-extras

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.