CVE-2016-9636
published 2017-01-27CVE-2016-9636: Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers…
critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | gst-plugins-good1.0 | < gst-plugins-good1.0 1.10.1-2 (bookworm) | gst-plugins-good1.0 1.10.1-2 (bookworm) |
| gstreamer | gstreamer | <= 1.10.1 | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_hpc_node | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL