Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2016-9445
HistoryNov 21, 2016 - 11:17 a.m.

CVE-2016-9445

2016-11-2111:17:22
redhat.com
access.redhat.com
19

EPSS

0.062

Percentile

93.6%

JSON

An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer’s VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

Mitigation

This mitigation is only required if vulnerable gstreamer-plugins-bad-free and/or gstreamer1-plugins-bad-free packages are installed.

For RHEL 7,

sudo rm /usr/lib*/gstreamer-1.0/libgstvmnc.so
sudo rm /usr/lib*/gstreamer-0.10/libgstvmnc.so

For RHEL 6,

sudo rm /usr/lib*/gstreamer-0.10/libgstvmnc.so

Please note that this mitigation deletes the vulnerable VMware NC decoder, which removes the functionality to play VMware movie files.

Related

fedora 2
openvas 19
osv 2
ubuntucve 1
veracode 1
nessus 32
nvd 1
cve 1
prion 1
debiancve 1
cvelist 1
suse 3
oraclelinux 3
archlinux 1
redhat 3
centos 3
debian 1
mageia 1
gentoo 1
fedora
fedora
[SECURITY] Fedora 25 Update: gstreamer1-plugins-bad-free-1.10.1-1.fc25
2016-12-04 16:54:12
[SECURITY] Fedora 24 Update: gstreamer1-plugins-bad-free-1.8.3-2.fc24
2016-12-06 10:29:58
openvas
openvas
Fedora Update for gstreamer1-plugins-bad-free FEDORA-2016-a82e35272c
2016-12-07 00:00:00
Fedora Update for gstreamer1-plugins-bad-free FEDORA-2016-c4004fe99e
2016-12-07 00:00:00
RedHat Update for gstreamer-plugins-bad-free RHSA-2016:2974-01
2016-12-22 00:00:00
osv
osv
CVE-2016-9445
2017-01-23 21:59:03
gst-plugins-bad0.10 - security update
2016-11-19 00:00:00
ubuntucve
ubuntucve
CVE-2016-9445
2017-01-23 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:14:57
nessus
nessus
Fedora 25 : gstreamer1-plugins-bad-free (2016-a82e35272c)
2016-12-05 00:00:00
Fedora 24 : gstreamer1-plugins-bad-free (2016-c4004fe99e)
2016-12-07 00:00:00
Oracle Linux 6 : gstreamer-plugins-bad-free (ELSA-2016-2974)
2016-12-22 00:00:00
nvd
nvd
CVE-2016-9445
2017-01-23 21:59:03
cve
cve
CVE-2016-9445
2017-01-23 21:59:03
prion
prion
Integer overflow
2017-01-23 21:59:00
debiancve
debiancve
CVE-2016-9445
2017-01-23 21:59:03
cvelist
cvelist
CVE-2016-9445
2017-01-23 21:00:00
suse
suse
Security update for gstreamer-plugins-bad (important)
2016-12-14 18:11:15
Security update for gstreamer-0_10-plugins-bad (important)
2016-12-14 13:07:27
Security update for gstreamer-plugins-bad (important)
2016-12-30 00:08:58
oraclelinux
oraclelinux
gstreamer-plugins-bad-free security update
2016-12-21 00:00:00
gstreamer-plugins-bad-free security update
2017-01-05 00:00:00
gstreamer1-plugins-bad-free security update
2017-01-05 00:00:00
archlinux
archlinux
[ASA-201701-3] gst-plugins-bad: multiple issues
2017-01-02 00:00:00
redhat
redhat
(RHSA-2016:2974) Important: gstreamer-plugins-bad-free security update
2016-12-21 11:38:13
(RHSA-2017:0018) Moderate: gstreamer-plugins-bad-free security update
2017-01-05 08:42:29
(RHSA-2017:0021) Moderate: gstreamer1-plugins-bad-free security update
2017-01-05 08:52:23
centos
centos
gstreamer security update
2016-12-21 17:41:28
gstreamer security update
2017-01-09 18:12:36
gstreamer1 security update
2017-01-09 18:11:54
debian
debian
[SECURITY] [DLA 712-1] gst-plugins-bad0.10 security update
2016-11-19 23:56:32
mageia
mageia
Updated gstreamer0.10-plugins-bad/gstreamer1.0-plugins-bad packages fix security vulnerability
2018-01-01 18:50:28
gentoo
gentoo
GStreamer plug-ins: User-assisted execution of arbitrary code
2017-05-18 00:00:00

EPSS

0.062

Percentile

93.6%

JSON
Related for RH:CVE-2016-9445
fedora2openvas19osv2ubuntucve1veracode1nessus32nvd1cve1prion1debiancve1cvelist1suse3oraclelinux3archlinux1redhat3centos3debian1mageia1gentoo1