vulnerability
Oracle Linux: CVE-2016-9445: ELSA-2016-2974: gstreamer-plugins-bad-free security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Nov 15, 2016 | Jan 5, 2017 | Dec 3, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Nov 15, 2016
Added
Jan 5, 2017
Modified
Dec 3, 2025
Description
Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.
An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Solutions
oracle-linux-upgrade-gstreamer1-plugins-bad-freeoracle-linux-upgrade-gstreamer1-plugins-bad-free-develoracle-linux-upgrade-gstreamer-plugins-bad-freeoracle-linux-upgrade-gstreamer-plugins-bad-free-develoracle-linux-upgrade-gstreamer-plugins-bad-free-devel-docsoracle-linux-upgrade-gstreamer-plugins-bad-free-extras
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.