CVE-2016-9635
Severity
9.8CRITICAL
EPSS
16.1%
top 5.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedJan 27
Latest updateMay 14
Description
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages6 packages
Also affects: Debian Linux 8.0
🔴Vulnerability Details
3GHSA▶
GHSA-r6qf-x4mq-x26g: Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec↗2022-05-14
OSV▶
CVE-2016-9635: Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec↗2017-01-27
CVEList▶
CVE-2016-9635: Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec↗2017-01-27
📋Vendor Advisories
2💬Community
5Bugzilla▶
CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9808 mingw-gstreamer-plugins-good: gstreamer-plugins-good: Heap buffer overflow in FLIC decoder [fedora-all]↗2016-12-06
Bugzilla▶
CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9808 mingw-gstreamer1-plugins-good: gstreamer-plugins-good: Heap buffer overflow in FLIC decoder [fedora-all]↗2016-12-06
Bugzilla▶
CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9808 gstreamer-plugins-good: Heap buffer overflow in FLIC decoder↗2016-11-22
Bugzilla▶
CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9808 gstreamer-plugins-good: gstreamer: Heap buffer overflow in FLIC decoder [fedora-all]↗2016-11-22
Bugzilla▶
CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9808 gstreamer1-plugins-good: gstreamer: Heap buffer overflow in FLIC decoder [fedora-all]↗2016-11-22