fkie_cve-2016-9447
Vulnerability from fkie_nvd
Published
2017-01-23 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2E74CD7B-4B0A-4B45-88DE-94810A22C676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "67D2049C-B29F-49F8-8A6F-73CEB9BE392E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5B562DD4-0A74-4094-AAAE-A0979EF3DAF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "440DCD70-8731-4970-BEA4-A13B143021C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4869856B-DF8E-47DA-A1BE-8DC274A505F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89614F1F-5F1C-452C-8E1A-CB27955BBABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE098B70-4D3F-4C37-909C-2894C204E9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B0DFA23A-8B3C-4623-8E5B-61FC180C54F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBDBA5A-5BEB-4980-9BF3-8051751BDABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B02A4F3C-3C64-46BC-B5A6-2C28B37B518B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "382ED380-3984-4321-A4D1-C9EA5AE8DE4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.11:*:*:*:*:*:*:*",
"matchCriteriaId": "176D351B-0C85-4F79-B0AE-B3685E7CFDAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F95F7733-C237-4FD7-ACB9-AEB321F2267E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB6D744-DF2E-4E82-81C3-63AAC3432EC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.14:*:*:*:*:*:*:*",
"matchCriteriaId": "6C145CB0-8B0D-4158-9E1E-A1DF4E81EF4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.15:*:*:*:*:*:*:*",
"matchCriteriaId": "E1EE3F25-D87C-4A99-A740-F6EB8A2F077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E8DC2241-6AF0-4A15-AB8E-C91C0E5225DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.17:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DF7793-859D-4ABA-8C2E-0D39E680F666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.18:*:*:*:*:*:*:*",
"matchCriteriaId": "09733F7D-604B-495F-B046-331CEFCCA219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.19:*:*:*:*:*:*:*",
"matchCriteriaId": "86C6EAC1-9329-408E-AE7C-2A5F9F4DF170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.20:*:*:*:*:*:*:*",
"matchCriteriaId": "E83925C8-0A7B-4BD7-8B61-7393298EA3C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.21:*:*:*:*:*:*:*",
"matchCriteriaId": "055E1118-FA05-4CE4-B5D4-5609C4F00F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.22:*:*:*:*:*:*:*",
"matchCriteriaId": "92BAA14A-990B-41BB-95AC-0BD2260A3F01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.23:*:*:*:*:*:*:*",
"matchCriteriaId": "8131E152-6397-413D-9887-A16645CB615E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.24:*:*:*:*:*:*:*",
"matchCriteriaId": "F744AB7B-736C-4F7B-9723-D691B2B3264B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.25:*:*:*:*:*:*:*",
"matchCriteriaId": "72184894-2F14-44A1-99E3-370D93DE7FD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.26:*:*:*:*:*:*:*",
"matchCriteriaId": "00F4F2AB-D30C-401D-93FD-8AEE48331EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.27:*:*:*:*:*:*:*",
"matchCriteriaId": "FE867325-C029-4A19-966C-7721A05DF41B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.28:*:*:*:*:*:*:*",
"matchCriteriaId": "D4082ACC-C3E9-4E5E-B832-0B3381984657",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.29:*:*:*:*:*:*:*",
"matchCriteriaId": "7DAB9637-68EF-4464-B11E-F00D9D200B59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.30:*:*:*:*:*:*:*",
"matchCriteriaId": "C34174F1-C2F3-48A5-A9C8-7B16B2264F27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.31:*:*:*:*:*:*:*",
"matchCriteriaId": "639F6F42-07C6-4ED4-A0F0-DEFB0355BFFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.32:*:*:*:*:*:*:*",
"matchCriteriaId": "CBCF2035-A361-4D63-B26A-4DA96FF2B888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.33:*:*:*:*:*:*:*",
"matchCriteriaId": "F130C013-E572-468F-BFD0-46FDDD7D8AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.34:*:*:*:*:*:*:*",
"matchCriteriaId": "1BCE7F50-D281-4099-9D61-63C44C17843F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.35:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC89C66-CDC8-4AD1-BEEB-9806DBEAD2BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:0.10.36:*:*:*:*:*:*:*",
"matchCriteriaId": "642DA4C9-A755-4768-9D89-606E606F643E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file."
},
{
"lang": "es",
"value": "Los mapeos ROM en el decodificador NSF en gstreamer 0.10.x permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura o escritura fuera de l\u00edmites) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo de m\u00fasica NSF manipulado."
}
],
"id": "CVE-2016-9447",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-23T21:59:03.127",
"references": [
{
"source": "security@opentext.com",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2974.html"
},
{
"source": "security@opentext.com",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0018.html"
},
{
"source": "security@opentext.com",
"url": "http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html"
},
{
"source": "security@opentext.com",
"url": "http://www.openwall.com/lists/oss-security/2016/11/18/12"
},
{
"source": "security@opentext.com",
"url": "http://www.openwall.com/lists/oss-security/2016/11/18/13"
},
{
"source": "security@opentext.com",
"url": "http://www.securityfocus.com/bid/94427"
},
{
"source": "security@opentext.com",
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2974.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2016/11/18/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2016/11/18/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/94427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201705-10"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…