PT-2017-10142 · Gstreamer+3 · Gstreamer+3

Marcus Meissner

Publicado

2016-11-15

Atualizado

2018-01-05

CVE-2016-9447

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions gstreamer versions 0.10.x

Description The issue concerns a denial of service and potential arbitrary code execution through a crafted NSF music file. This is due to out-of-bounds read or write operations in the ROM mappings of the NSF decoder.

Recommendations For gstreamer versions 0.10.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Out of bounds Read

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125CWE-787

Identificadores relacionados

CESA-2016_2974

CESA-2017_0018

CVE-2016-9447

DLA-712-1

DSA-3713-1

MGASA-2018-0012

RHSA-2016:2974

RHSA-2016_2974

RHSA-2017:0018

RHSA-2017_0018

SUSE-SU-2017:0027-1

SUSE-SU-2017:0028-1

Produtos afetados

Centos

Red Hat

Suse

Gstreamer

PT-2017-10142 · Gstreamer+3 · Gstreamer+3

CVE-2016-9447

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 59