CVE-2016-9811

MEDIUM

Gstreamer < 1.10.1 - Out-of-Bounds Read

Title source: rule

Description

The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.

References (10)

Scores

CVSS v3 4.7
EPSS 0.0049
EPSS Percentile 65.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE
CWE-125
Status published

Affected Products (17)

gstreamer/gstreamer < 1.10.1
fedoraproject/fedora
debian/debian_linux
debian/debian_linux
redhat/enterprise_linux_desktop
redhat/enterprise_linux_eus
redhat/enterprise_linux_eus
redhat/enterprise_linux_eus
redhat/enterprise_linux_eus
redhat/enterprise_linux_server
redhat/enterprise_linux_server_aus
redhat/enterprise_linux_server_aus
redhat/enterprise_linux_server_aus
redhat/enterprise_linux_server_tus
redhat/enterprise_linux_server_tus
... and 2 more

Timeline

Published Jan 13, 2017
Tracked Since Feb 18, 2026