Description
The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.
References (7)
Core 7
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/11/18/13
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0018.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/11/18/12
Various Sources x_refsource_misc
http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94427
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2974.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201705-10
Scores
CVSS v3
7.8
EPSS
0.0048
EPSS Percentile
65.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-125
CWE-787
Status
published
Products (50)
gstreamer/gstreamer
0.10.0
gstreamer/gstreamer
0.10.1
gstreamer/gstreamer
0.10.2
gstreamer/gstreamer
0.10.3
gstreamer/gstreamer
0.10.4
gstreamer/gstreamer
0.10.5
gstreamer/gstreamer
0.10.6
gstreamer/gstreamer
0.10.7
gstreamer/gstreamer
0.10.8
gstreamer/gstreamer
0.10.9
... and 40 more
Published
Jan 23, 2017
Tracked Since
Feb 18, 2026