CVE-2016-9447 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
gstreamer	gstreamer	0.10.0
gstreamer	gstreamer	0.10.1
gstreamer	gstreamer	0.10.2
gstreamer	gstreamer	0.10.3
gstreamer	gstreamer	0.10.4
gstreamer	gstreamer	0.10.5
gstreamer	gstreamer	0.10.6
gstreamer	gstreamer	0.10.7
gstreamer	gstreamer	0.10.8
gstreamer	gstreamer	0.10.9
gstreamer	gstreamer	0.10.10
gstreamer	gstreamer	0.10.11
gstreamer	gstreamer	0.10.12
gstreamer	gstreamer	0.10.13
gstreamer	gstreamer	0.10.14
gstreamer	gstreamer	0.10.15
gstreamer	gstreamer	0.10.16
gstreamer	gstreamer	0.10.17
gstreamer	gstreamer	0.10.18
gstreamer	gstreamer	0.10.19
gstreamer	gstreamer	0.10.20
gstreamer	gstreamer	0.10.21
gstreamer	gstreamer	0.10.22
gstreamer	gstreamer	0.10.23
gstreamer	gstreamer	0.10.24
gstreamer	gstreamer	0.10.25
gstreamer	gstreamer	0.10.26
gstreamer	gstreamer	0.10.27
gstreamer	gstreamer	0.10.28
gstreamer	gstreamer	0.10.29
gstreamer	gstreamer	0.10.30
gstreamer	gstreamer	0.10.31
gstreamer	gstreamer	0.10.32
gstreamer	gstreamer	0.10.33
gstreamer	gstreamer	0.10.34
gstreamer	gstreamer	0.10.35
gstreamer	gstreamer	0.10.36

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

gst-plugins-bad0.10

precise	Fixed 0.10.22.3-2ubuntu2.4 released
trusty	Fixed 0.10.23-7.2ubuntu1.2 released
xenial	dne
yakkety	dne

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

http://rhn.redhat.com/errata/RHSA-2016-2974.html

http://rhn.redhat.com/errata/RHSA-2017-0018.html

http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html

http://www.openwall.com/lists/oss-security/2016/11/18/12

http://www.openwall.com/lists/oss-security/2016/11/18/13

http://www.securityfocus.com/bid/94427

https://security.gentoo.org/glsa/201705-10

http://rhn.redhat.com/errata/RHSA-2016-2974.html

http://rhn.redhat.com/errata/RHSA-2017-0018.html

http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html

http://www.openwall.com/lists/oss-security/2016/11/18/12

http://www.openwall.com/lists/oss-security/2016/11/18/13

http://www.securityfocus.com/bid/94427

https://security.gentoo.org/glsa/201705-10