CVE-2016-9811 — Out-of-bounds Read in Gstreamer
Severity
4.7MEDIUMNVD
EPSS
0.5%
top 34.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 13
Latest updateMay 13
Description
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6
Affected Packages4 packages
Also affects: Debian Linux 8.0, 9.0, Fedora 35, Enterprise Linux 7.4, 7.5, 7.6, 7.7
🔴Vulnerability Details
3GHSA▶
GHSA-f9mv-78h4-x2jx: The windows_icon_typefind function in gst-plugins-base in GStreamer before 1↗2022-05-13
OSV▶
CVE-2016-9811: The windows_icon_typefind function in gst-plugins-base in GStreamer before 1↗2017-01-13
CVEList▶
CVE-2016-9811: The windows_icon_typefind function in gst-plugins-base in GStreamer before 1↗2017-01-13
📋Vendor Advisories
3💬Community
6Bugzilla▶
CVE-2016-9811 gstreamer1-plugins-base: gstreamer: Out of bounds heap read in windows_icon_typefind [fedora-all]↗2016-12-06
Bugzilla▶
CVE-2016-9811 mingw-gstreamer1-plugins-base: gstreamer: Out of bounds heap read in windows_icon_typefind [fedora-all]↗2016-12-06
Bugzilla▶
CVE-2016-9811 mingw-gstreamer-plugins-base: gstreamer: Out of bounds heap read in windows_icon_typefind [fedora-all]↗2016-12-06
Bugzilla▶
CVE-2016-9811 gstreamer-plugins-base: gstreamer: Out of bounds heap read in windows_icon_typefind [fedora-all]↗2016-12-06