CVE-2016-9636
gstreamer-plugins-good: Heap buffer overflow in FLIC decoder
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.
Desbordamiento de búfer basado en memoria dinámica en la función flx_decode_delta_fli en gst/flx/gstflxdec.c en el decoder FLIC en GStreamer en versiones anteriores a 1.10.2 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) proporcionando un "recuento de escritura" que va más allá del búfer inicializado.
Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-11-23 CVE Reserved
- 2016-11-24 CVE Published
- 2024-03-21 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/11/24/2 | Mailing List |
|
| http://www.securityfocus.com/bid/94499 | Third Party Advisory | |
| https://bugzilla.gnome.org/show_bug.cgi?id=774834 | Issue Tracking |
| URL | Date | SRC |
|---|---|---|
| https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2016-2975.html | 2018-01-05 | |
| http://rhn.redhat.com/errata/RHSA-2017-0019.html | 2018-01-05 | |
| http://rhn.redhat.com/errata/RHSA-2017-0020.html | 2018-01-05 | |
| http://www.debian.org/security/2016/dsa-3723 | 2018-01-05 | |
| http://www.debian.org/security/2016/dsa-3724 | 2018-01-05 | |
| https://gstreamer.freedesktop.org/releases/1.10/#1.10.2 | 2018-01-05 | |
| https://security.gentoo.org/glsa/201705-10 | 2018-01-05 | |
| https://access.redhat.com/security/cve/CVE-2016-9636 | 2017-01-05 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1397441 | 2017-01-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gstreamer Search vendor "Gstreamer" | Gstreamer Search vendor "Gstreamer" for product "Gstreamer" | <= 1.10.1 Search vendor "Gstreamer" for product "Gstreamer" and version " <= 1.10.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Hpc Node Search vendor "Redhat" for product "Enterprise Linux Hpc Node" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Hpc Node" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||