rpm package
suse/gstreamer-0_10-plugins-bad&distro=SUSE Linux Enterprise Desktop 12 SP1
pkg:rpm/suse/gstreamer-0_10-plugins-bad&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-9447 | Hig | 7.8 | < 0.10.23-19.3.4 | 0.10.23-19.3.4 | Jan 23, 2017 | The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file. | |
| CVE-2016-9446 | Hig | 7.5 | < 0.10.23-19.3.4 | 0.10.23-19.3.4 | Jan 23, 2017 | The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas. | |
| CVE-2016-9445 | Hig | 7.5 | < 0.10.23-19.3.4 | 0.10.23-19.3.4 | Jan 23, 2017 | Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow. | |
| CVE-2016-9809 | Hig | 7.8 | < 0.10.23-19.6.1 | 0.10.23-19.6.1 | Jan 13, 2017 | Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read. |
- affected < 0.10.23-19.3.4fixed 0.10.23-19.3.4
The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.
- affected < 0.10.23-19.3.4fixed 0.10.23-19.3.4
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.
- affected < 0.10.23-19.3.4fixed 0.10.23-19.3.4
Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.
- affected < 0.10.23-19.6.1fixed 0.10.23-19.6.1
Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.