CVE-2016-9447 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
microfocus	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 64%

Vendor	Product	Version
gstreamer_project	gstreamer	0.10.0
gstreamer_project	gstreamer	0.10.1
gstreamer_project	gstreamer	0.10.2
gstreamer_project	gstreamer	0.10.3
gstreamer_project	gstreamer	0.10.4
gstreamer_project	gstreamer	0.10.5
gstreamer_project	gstreamer	0.10.6
gstreamer_project	gstreamer	0.10.7
gstreamer_project	gstreamer	0.10.8
gstreamer_project	gstreamer	0.10.9
gstreamer_project	gstreamer	0.10.10
gstreamer_project	gstreamer	0.10.11
gstreamer_project	gstreamer	0.10.12
gstreamer_project	gstreamer	0.10.13
gstreamer_project	gstreamer	0.10.14
gstreamer_project	gstreamer	0.10.15
gstreamer_project	gstreamer	0.10.16
gstreamer_project	gstreamer	0.10.17
gstreamer_project	gstreamer	0.10.18
gstreamer_project	gstreamer	0.10.19
gstreamer_project	gstreamer	0.10.20
gstreamer_project	gstreamer	0.10.21
gstreamer_project	gstreamer	0.10.22
gstreamer_project	gstreamer	0.10.23
gstreamer_project	gstreamer	0.10.24
gstreamer_project	gstreamer	0.10.25
gstreamer_project	gstreamer	0.10.26
gstreamer_project	gstreamer	0.10.27
gstreamer_project	gstreamer	0.10.28
gstreamer_project	gstreamer	0.10.29
gstreamer_project	gstreamer	0.10.30
gstreamer_project	gstreamer	0.10.31
gstreamer_project	gstreamer	0.10.32
gstreamer_project	gstreamer	0.10.33
gstreamer_project	gstreamer	0.10.34
gstreamer_project	gstreamer	0.10.35
gstreamer_project	gstreamer	0.10.36

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

gst-plugins-bad0.10

yakkety	dne
xenial	dne
trusty	Fixed 0.10.23-7.2ubuntu1.2 released
precise	Fixed 0.10.22.3-2ubuntu2.4 released

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

http://rhn.redhat.com/errata/RHSA-2016-2974.html

http://rhn.redhat.com/errata/RHSA-2017-0018.html

http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html

http://www.openwall.com/lists/oss-security/2016/11/18/12

http://www.openwall.com/lists/oss-security/2016/11/18/13

http://www.securityfocus.com/bid/94427

https://security.gentoo.org/glsa/201705-10

http://rhn.redhat.com/errata/RHSA-2016-2974.html

http://rhn.redhat.com/errata/RHSA-2017-0018.html

http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html

http://www.openwall.com/lists/oss-security/2016/11/18/12

http://www.openwall.com/lists/oss-security/2016/11/18/13

http://www.securityfocus.com/bid/94427

https://security.gentoo.org/glsa/201705-10