vulnerability
Oracle Linux: CVE-2016-9447: ELSA-2016-2974: gstreamer-plugins-bad-free security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:H/Au:N/C:C/I:C/A:C) | 2016-11-14 | 2017-01-05 | 2025-01-07 |
Severity
8
CVSS
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published
2016-11-14
Added
2017-01-05
Modified
2025-01-07
Description
The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.
A memory corruption flaw was found in GStreamer's Nintendo NSF music file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
A memory corruption flaw was found in GStreamer's Nintendo NSF music file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Solution(s)
oracle-linux-upgrade-gstreamer-plugins-bad-freeoracle-linux-upgrade-gstreamer-plugins-bad-free-develoracle-linux-upgrade-gstreamer-plugins-bad-free-devel-docsoracle-linux-upgrade-gstreamer-plugins-bad-free-extras
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.