CVE-2016-9447

The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
Affected Products (NVD)
VendorProductVersion
gstreamergstreamer
0.10.0
gstreamergstreamer
0.10.1
gstreamergstreamer
0.10.2
gstreamergstreamer
0.10.3
gstreamergstreamer
0.10.4
gstreamergstreamer
0.10.5
gstreamergstreamer
0.10.6
gstreamergstreamer
0.10.7
gstreamergstreamer
0.10.8
gstreamergstreamer
0.10.9
gstreamergstreamer
0.10.10
gstreamergstreamer
0.10.11
gstreamergstreamer
0.10.12
gstreamergstreamer
0.10.13
gstreamergstreamer
0.10.14
gstreamergstreamer
0.10.15
gstreamergstreamer
0.10.16
gstreamergstreamer
0.10.17
gstreamergstreamer
0.10.18
gstreamergstreamer
0.10.19
gstreamergstreamer
0.10.20
gstreamergstreamer
0.10.21
gstreamergstreamer
0.10.22
gstreamergstreamer
0.10.23
gstreamergstreamer
0.10.24
gstreamergstreamer
0.10.25
gstreamergstreamer
0.10.26
gstreamergstreamer
0.10.27
gstreamergstreamer
0.10.28
gstreamergstreamer
0.10.29
gstreamergstreamer
0.10.30
gstreamergstreamer
0.10.31
gstreamergstreamer
0.10.32
gstreamergstreamer
0.10.33
gstreamergstreamer
0.10.34
gstreamergstreamer
0.10.35
gstreamergstreamer
0.10.36
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gst-plugins-bad0.10
precise
Fixed 0.10.22.3-2ubuntu2.4
released
trusty
Fixed 0.10.23-7.2ubuntu1.2
released
xenial
dne
yakkety
dne
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
gstreamer-0_10-plugins-bad
suse enterprise desktop 12 SP1
0.10.23-19.3.4
fixed
suse enterprise desktop 12 SP2
0.10.23-22.5
fixed
suse enterprise desktop 12 SP3
0.10.23-25.1
fixed
suse enterprise desktop 12 SP4
0.10.23-25.1
fixed
suse enterprise sap 12 SP1
0.10.23-19.3.4
fixed
suse enterprise sap 12 SP2
0.10.23-22.5
fixed
suse enterprise sap 12 SP3
0.10.23-25.1
fixed
suse enterprise sap 12 SP4
0.10.23-25.1
fixed
suse enterprise sap 12 SP5
0.10.23-22.5
fixed
suse enterprise server 12 SP1
0.10.23-19.3.4
fixed
suse enterprise server 12 SP2
0.10.23-22.5
fixed
suse enterprise server 12 SP3
0.10.23-25.1
fixed
suse enterprise server 12 SP4
0.10.23-25.1
fixed
suse enterprise server 12 SP5
0.10.23-22.5
fixed
suse enterprise workstation 12 SP1
0.10.23-19.3.4
fixed
suse enterprise workstation 12 SP2
0.10.23-22.5
fixed
suse enterprise workstation 12 SP3
0.10.23-25.1
fixed
suse enterprise workstation 12 SP4
0.10.23-25.1
fixed
suse enterprise workstation 12 SP5
0.10.23-22.5
fixed
gstreamer-0_10-plugins-bad-lang
suse enterprise desktop 12 SP1
0.10.23-19.3.4
fixed
suse enterprise desktop 12 SP2
0.10.23-22.5
fixed
suse enterprise desktop 12 SP3
0.10.23-25.1
fixed
suse enterprise desktop 12 SP4
0.10.23-25.1
fixed
suse enterprise sap 12 SP1
0.10.23-19.3.4
fixed
suse enterprise sap 12 SP2
0.10.23-22.5
fixed
suse enterprise sap 12 SP3
0.10.23-25.1
fixed
suse enterprise sap 12 SP4
0.10.23-25.1
fixed
suse enterprise sap 12 SP5
0.10.23-22.5
fixed
suse enterprise server 12 SP1
0.10.23-19.3.4
fixed
suse enterprise server 12 SP2
0.10.23-22.5
fixed
suse enterprise server 12 SP3
0.10.23-25.1
fixed
suse enterprise server 12 SP4
0.10.23-25.1
fixed
suse enterprise server 12 SP5
0.10.23-22.5
fixed
suse enterprise workstation 12 SP1
0.10.23-19.3.4
fixed
suse enterprise workstation 12 SP2
0.10.23-22.5
fixed
suse enterprise workstation 12 SP3
0.10.23-25.1
fixed
suse enterprise workstation 12 SP4
0.10.23-25.1
fixed
suse enterprise workstation 12 SP5
0.10.23-22.5
fixed
libgstbasecamerabinsrc-0_10-23
suse enterprise desktop 12 SP1
0.10.23-19.3.4
fixed
suse enterprise desktop 12 SP2
0.10.23-22.5
fixed
suse enterprise desktop 12 SP3
0.10.23-25.1
fixed
suse enterprise desktop 12 SP4
0.10.23-25.1
fixed
suse enterprise sap 12 SP1
0.10.23-19.3.4
fixed
suse enterprise sap 12 SP2
0.10.23-22.5
fixed
suse enterprise sap 12 SP3
0.10.23-25.1
fixed
suse enterprise sap 12 SP4
0.10.23-25.1
fixed
suse enterprise sap 12 SP5
0.10.23-22.5
fixed
suse enterprise server 12 SP1
0.10.23-19.3.4
fixed
suse enterprise server 12 SP2
0.10.23-22.5
fixed
suse enterprise server 12 SP3
0.10.23-25.1
fixed
suse enterprise server 12 SP4
0.10.23-25.1
fixed
suse enterprise server 12 SP5
0.10.23-22.5
fixed
suse enterprise workstation 12 SP1
0.10.23-19.3.4
fixed
suse enterprise workstation 12 SP2
0.10.23-22.5
fixed
suse enterprise workstation 12 SP3
0.10.23-25.1
fixed
suse enterprise workstation 12 SP4
0.10.23-25.1
fixed
suse enterprise workstation 12 SP5
0.10.23-22.5
fixed
libgstbasecamerabinsrc-0_10-23-32bit
suse enterprise desktop 12 SP1
0.10.23-19.3.4
fixed
suse enterprise desktop 12 SP2
0.10.23-22.5
fixed
suse enterprise desktop 12 SP3
0.10.23-25.1
fixed
suse enterprise desktop 12 SP4
0.10.23-25.1
fixed
suse enterprise sap 12 SP1
0.10.23-19.3.4
fixed
suse enterprise sap 12 SP2
0.10.23-22.5
fixed
suse enterprise sap 12 SP3
0.10.23-25.1
fixed
suse enterprise sap 12 SP4
0.10.23-25.1
fixed
suse enterprise sap 12 SP5
0.10.23-22.5
fixed
suse enterprise server 12 SP1
0.10.23-19.3.4
fixed
suse enterprise server 12 SP2
0.10.23-22.5
fixed
suse enterprise server 12 SP3
0.10.23-25.1
fixed
suse enterprise server 12 SP4
0.10.23-25.1
fixed
suse enterprise server 12 SP5
0.10.23-22.5
fixed
suse enterprise workstation 12 SP1
0.10.23-19.3.4
fixed
suse enterprise workstation 12 SP2
0.10.23-22.5
fixed
suse enterprise workstation 12 SP3
0.10.23-25.1
fixed
suse enterprise workstation 12 SP4
0.10.23-25.1
fixed
suse enterprise workstation 12 SP5
0.10.23-22.5
fixed
libgstbasevideo-0_10-23
suse enterprise desktop 12 SP1
0.10.23-19.3.4
fixed
suse enterprise desktop 12 SP2
0.10.23-22.5
fixed
suse enterprise desktop 12 SP3
0.10.23-25.1
fixed
suse enterprise desktop 12 SP4
0.10.23-25.1
fixed
suse enterprise sap 12 SP1
0.10.23-19.3.4
fixed
suse enterprise sap 12 SP2
0.10.23-22.5
fixed
suse enterprise sap 12 SP3
0.10.23-25.1
fixed
suse enterprise sap 12 SP4
0.10.23-25.1
fixed
suse enterprise sap 12 SP5
0.10.23-22.5
fixed
suse enterprise server 12 SP1
0.10.23-19.3.4
fixed
suse enterprise server 12 SP2
0.10.23-22.5
fixed
suse enterprise server 12 SP3
0.10.23-25.1
fixed
suse enterprise server 12 SP4
0.10.23-25.1
fixed
suse enterprise server 12 SP5
0.10.23-22.5
fixed
suse enterprise workstation 12 SP1
0.10.23-19.3.4
fixed
suse enterprise workstation 12 SP2
0.10.23-22.5
fixed
suse enterprise workstation 12 SP3
0.10.23-25.1
fixed
suse enterprise workstation 12 SP4
0.10.23-25.1
fixed
suse enterprise workstation 12 SP5
0.10.23-22.5
fixed
libgstbasevideo-0_10-23-32bit
suse enterprise desktop 12 SP1
0.10.23-19.3.4
fixed
suse enterprise desktop 12 SP2
0.10.23-22.5
fixed
suse enterprise desktop 12 SP3
0.10.23-25.1
fixed
suse enterprise desktop 12 SP4
0.10.23-25.1
fixed
suse enterprise sap 12 SP1
0.10.23-19.3.4
fixed
suse enterprise sap 12 SP2
0.10.23-22.5
fixed
suse enterprise sap 12 SP3
0.10.23-25.1
fixed
suse enterprise sap 12 SP4
0.10.23-25.1
fixed
suse enterprise sap 12 SP5
0.10.23-22.5
fixed
suse enterprise server 12 SP1
0.10.23-19.3.4
fixed
suse enterprise server 12 SP2
0.10.23-22.5
fixed
suse enterprise server 12 SP3
0.10.23-25.1
fixed
suse enterprise server 12 SP4
0.10.23-25.1
fixed
suse enterprise server 12 SP5
0.10.23-22.5
fixed
suse enterprise workstation 12 SP1
0.10.23-19.3.4
fixed
suse enterprise workstation 12 SP2
0.10.23-22.5
fixed
suse enterprise workstation 12 SP3
0.10.23-25.1
fixed
suse enterprise workstation 12 SP4
0.10.23-25.1
fixed
suse enterprise workstation 12 SP5
0.10.23-22.5
fixed
libgstcodecparsers-0_10-23
suse enterprise desktop 12 SP1
0.10.23-19.3.4
fixed
suse enterprise desktop 12 SP2
0.10.23-22.5
fixed
suse enterprise desktop 12 SP3
0.10.23-25.1
fixed
suse enterprise desktop 12 SP4
0.10.23-25.1
fixed
suse enterprise sap 12 SP1
0.10.23-19.3.4
fixed
suse enterprise sap 12 SP2
0.10.23-22.5
fixed
suse enterprise sap 12 SP3
0.10.23-25.1
fixed
suse enterprise sap 12 SP4
0.10.23-25.1
fixed
suse enterprise sap 12 SP5
0.10.23-22.5
fixed
suse enterprise server 12 SP1
0.10.23-19.3.4
fixed
suse enterprise server 12 SP2
0.10.23-22.5
fixed
suse enterprise server 12 SP3
0.10.23-25.1
fixed
suse enterprise server 12 SP4
0.10.23-25.1
fixed
suse enterprise server 12 SP5
0.10.23-22.5
fixed
suse enterprise workstation 12 SP1
0.10.23-19.3.4
fixed
suse enterprise workstation 12 SP2
0.10.23-22.5
fixed
suse enterprise workstation 12 SP3
0.10.23-25.1
fixed
suse enterprise workstation 12 SP4
0.10.23-25.1
fixed
suse enterprise workstation 12 SP5
0.10.23-22.5
fixed
libgstphotography-0_10-23
suse enterprise desktop 12 SP1
0.10.23-19.3.4
fixed
suse enterprise desktop 12 SP2
0.10.23-22.5
fixed
suse enterprise desktop 12 SP3
0.10.23-25.1
fixed
suse enterprise desktop 12 SP4
0.10.23-25.1
fixed
suse enterprise sap 12 SP1
0.10.23-19.3.4
fixed
suse enterprise sap 12 SP2
0.10.23-22.5
fixed
suse enterprise sap 12 SP3
0.10.23-25.1
fixed
suse enterprise sap 12 SP4
0.10.23-25.1
fixed
suse enterprise sap 12 SP5
0.10.23-22.5
fixed
suse enterprise server 12 SP1
0.10.23-19.3.4
fixed
suse enterprise server 12 SP2
0.10.23-22.5
fixed
suse enterprise server 12 SP3
0.10.23-25.1
fixed
suse enterprise server 12 SP4
0.10.23-25.1
fixed
suse enterprise server 12 SP5
0.10.23-22.5
fixed
suse enterprise workstation 12 SP1
0.10.23-19.3.4
fixed
suse enterprise workstation 12 SP2
0.10.23-22.5
fixed
suse enterprise workstation 12 SP3
0.10.23-25.1
fixed
suse enterprise workstation 12 SP4
0.10.23-25.1
fixed
suse enterprise workstation 12 SP5
0.10.23-22.5
fixed
libgstphotography-0_10-23-32bit
suse enterprise desktop 12 SP1
0.10.23-19.3.4
fixed
suse enterprise desktop 12 SP2
0.10.23-22.5
fixed
suse enterprise desktop 12 SP3
0.10.23-25.1
fixed
suse enterprise desktop 12 SP4
0.10.23-25.1
fixed
suse enterprise sap 12 SP1
0.10.23-19.3.4
fixed
suse enterprise sap 12 SP2
0.10.23-22.5
fixed
suse enterprise sap 12 SP3
0.10.23-25.1
fixed
suse enterprise sap 12 SP4
0.10.23-25.1
fixed
suse enterprise sap 12 SP5
0.10.23-22.5
fixed
suse enterprise server 12 SP1
0.10.23-19.3.4
fixed
suse enterprise server 12 SP2
0.10.23-22.5
fixed
suse enterprise server 12 SP3
0.10.23-25.1
fixed
suse enterprise server 12 SP4
0.10.23-25.1
fixed
suse enterprise server 12 SP5
0.10.23-22.5
fixed
suse enterprise workstation 12 SP1
0.10.23-19.3.4
fixed
suse enterprise workstation 12 SP2
0.10.23-22.5
fixed
suse enterprise workstation 12 SP3
0.10.23-25.1
fixed
suse enterprise workstation 12 SP4
0.10.23-25.1
fixed
suse enterprise workstation 12 SP5
0.10.23-22.5
fixed
libgstsignalprocessor-0_10-23
suse enterprise desktop 12 SP1
0.10.23-19.3.4
fixed
suse enterprise desktop 12 SP2
0.10.23-22.5
fixed
suse enterprise desktop 12 SP3
0.10.23-25.1
fixed
suse enterprise desktop 12 SP4
0.10.23-25.1
fixed
suse enterprise sap 12 SP1
0.10.23-19.3.4
fixed
suse enterprise sap 12 SP2
0.10.23-22.5
fixed
suse enterprise sap 12 SP3
0.10.23-25.1
fixed
suse enterprise sap 12 SP4
0.10.23-25.1
fixed
suse enterprise sap 12 SP5
0.10.23-22.5
fixed
suse enterprise server 12 SP1
0.10.23-19.3.4
fixed
suse enterprise server 12 SP2
0.10.23-22.5
fixed
suse enterprise server 12 SP3
0.10.23-25.1
fixed
suse enterprise server 12 SP4
0.10.23-25.1
fixed
suse enterprise server 12 SP5
0.10.23-22.5
fixed
suse enterprise workstation 12 SP1
0.10.23-19.3.4
fixed
suse enterprise workstation 12 SP2
0.10.23-22.5
fixed
suse enterprise workstation 12 SP3
0.10.23-25.1
fixed
suse enterprise workstation 12 SP4
0.10.23-25.1
fixed
suse enterprise workstation 12 SP5
0.10.23-22.5
fixed
libgstsignalprocessor-0_10-23-32bit
suse enterprise desktop 12 SP1
0.10.23-19.3.4
fixed
suse enterprise desktop 12 SP2
0.10.23-22.5
fixed
suse enterprise desktop 12 SP3
0.10.23-25.1
fixed
suse enterprise desktop 12 SP4
0.10.23-25.1
fixed
suse enterprise sap 12 SP1
0.10.23-19.3.4
fixed
suse enterprise sap 12 SP2
0.10.23-22.5
fixed
suse enterprise sap 12 SP3
0.10.23-25.1
fixed
suse enterprise sap 12 SP4
0.10.23-25.1
fixed
suse enterprise sap 12 SP5
0.10.23-22.5
fixed
suse enterprise server 12 SP1
0.10.23-19.3.4
fixed
suse enterprise server 12 SP2
0.10.23-22.5
fixed
suse enterprise server 12 SP3
0.10.23-25.1
fixed
suse enterprise server 12 SP4
0.10.23-25.1
fixed
suse enterprise server 12 SP5
0.10.23-22.5
fixed
suse enterprise workstation 12 SP1
0.10.23-19.3.4
fixed
suse enterprise workstation 12 SP2
0.10.23-22.5
fixed
suse enterprise workstation 12 SP3
0.10.23-25.1
fixed
suse enterprise workstation 12 SP4
0.10.23-25.1
fixed
suse enterprise workstation 12 SP5
0.10.23-22.5
fixed
libgstvdp-0_10-23
suse enterprise desktop 12 SP1
0.10.23-19.3.4
fixed
suse enterprise desktop 12 SP2
0.10.23-22.5
fixed
suse enterprise desktop 12 SP3
0.10.23-25.1
fixed
suse enterprise desktop 12 SP4
0.10.23-25.1
fixed
suse enterprise sap 12 SP1
0.10.23-19.3.4
fixed
suse enterprise sap 12 SP2
0.10.23-22.5
fixed
suse enterprise sap 12 SP3
0.10.23-25.1
fixed
suse enterprise sap 12 SP4
0.10.23-25.1
fixed
suse enterprise sap 12 SP5
0.10.23-22.5
fixed
suse enterprise server 12 SP1
0.10.23-19.3.4
fixed
suse enterprise server 12 SP2
0.10.23-22.5
fixed
suse enterprise server 12 SP3
0.10.23-25.1
fixed
suse enterprise server 12 SP4
0.10.23-25.1
fixed
suse enterprise server 12 SP5
0.10.23-22.5
fixed
suse enterprise workstation 12 SP1
0.10.23-19.3.4
fixed
suse enterprise workstation 12 SP2
0.10.23-22.5
fixed
suse enterprise workstation 12 SP3
0.10.23-25.1
fixed
suse enterprise workstation 12 SP4
0.10.23-25.1
fixed
suse enterprise workstation 12 SP5
0.10.23-22.5
fixed
libgstvdp-0_10-23-32bit
suse enterprise desktop 12 SP1
0.10.23-19.3.4
fixed
suse enterprise desktop 12 SP2
0.10.23-22.5
fixed
suse enterprise desktop 12 SP3
0.10.23-25.1
fixed
suse enterprise desktop 12 SP4
0.10.23-25.1
fixed
suse enterprise sap 12 SP1
0.10.23-19.3.4
fixed
suse enterprise sap 12 SP2
0.10.23-22.5
fixed
suse enterprise sap 12 SP3
0.10.23-25.1
fixed
suse enterprise sap 12 SP4
0.10.23-25.1
fixed
suse enterprise sap 12 SP5
0.10.23-22.5
fixed
suse enterprise server 12 SP1
0.10.23-19.3.4
fixed
suse enterprise server 12 SP2
0.10.23-22.5
fixed
suse enterprise server 12 SP3
0.10.23-25.1
fixed
suse enterprise server 12 SP4
0.10.23-25.1
fixed
suse enterprise server 12 SP5
0.10.23-22.5
fixed
suse enterprise workstation 12 SP1
0.10.23-19.3.4
fixed
suse enterprise workstation 12 SP2
0.10.23-22.5
fixed
suse enterprise workstation 12 SP3
0.10.23-25.1
fixed
suse enterprise workstation 12 SP4
0.10.23-25.1
fixed
suse enterprise workstation 12 SP5
0.10.23-22.5
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
gstreamer-plugins-bad-free
RHEL 6
0:0.10.19-5.el6_8
fixed
RHEL 7
0:0.10.23-22.el7_3
fixed
gstreamer-plugins-bad-free-devel
RHEL 6
0:0.10.19-5.el6_8
fixed
RHEL 7
0:0.10.23-22.el7_3
fixed
gstreamer-plugins-bad-free-devel-docs
RHEL 6
0:0.10.19-5.el6_8
fixed
RHEL 7
0:0.10.23-22.el7_3
fixed
gstreamer-plugins-bad-free-extras
RHEL 6
0:0.10.19-5.el6_8
fixed
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2016-2974.html
http://rhn.redhat.com/errata/RHSA-2017-0018.html
http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html
http://www.openwall.com/lists/oss-security/2016/11/18/12
http://www.openwall.com/lists/oss-security/2016/11/18/13
http://www.securityfocus.com/bid/94427
https://security.gentoo.org/glsa/201705-10
http://rhn.redhat.com/errata/RHSA-2016-2974.html
http://rhn.redhat.com/errata/RHSA-2017-0018.html
http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html
http://www.openwall.com/lists/oss-security/2016/11/18/12
http://www.openwall.com/lists/oss-security/2016/11/18/13
http://www.securityfocus.com/bid/94427
https://security.gentoo.org/glsa/201705-10