EPSS
Percentile
78.5%
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.
bugzilla.redhat.com/show_bug.cgi?id=1397063
scarybeastsecurity.blogspot.sk/2016/11/0day-poc-risky-design-decisions-in.html