CVE-2016-9445 - Integer Overflow or Wraparound vulnerability in Gstreamer Project Gstreamer 1.10.0

CVSS 7.5 - HIGH

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: NONE
  • Integrity impact: NONE
  • Availability impact: HIGH

Tags: network, low complexity, gstreamer-project, CWE-190, nessus

Summary

Integer overflow in the vmnc decoder in GStreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.

Vulnerable Configurations

Part | Description | Count
Application | Gstreamer_Project | 1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset, such as the size of a memory allocation or similar. The attacker would typically control the value of such a variable and try to get it out of range. For instance, if the integer in question is incremented past the maximum possible value, it may wrap to become a very small or negative number, providing an incorrect value that can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201705-10.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201705-10 (GStreamer plug-ins: User-assisted execution of arbitrary code) Multiple vulnerabilities have been discovered in various GStreamer plug-ins. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user or automated system using a GStreamer plug-in to process a specially crafted file, resulting in the execution of arbitrary code or a Denial of Service. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 100263
    published: 2017-05-18
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/100263
    title: GLSA-201705-10 : GStreamer plug-ins: User-assisted execution of arbitrary code
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-3296-1.NASL
    description: This update for gstreamer-plugins-bad fixes the following security issues, which would allow attackers able to submit media files for indexing to cause code execution or crashes : - Check an integer overflow (CVE-2016-9445) and initialize a buffer (CVE-2016-9446) in vmncdec. (bsc#1010829) - CVE-2016-9809: Ensure codec_data has the right size when reading number of SPS (bsc#1013659). - CVE-2016-9812: Add more section size checks (bsc#1013678). - CVE-2016-9813: fix PAT parsing (bsc#1013680). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96258
    published: 2017-01-03
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96258
    title: SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-bad (SUSE-SU-2016:3296-1)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1009.NASL
    description: According to the versions of the gstreamer-plugins-bad-free package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer
    last seen: 2020-05-06
    modified: 2017-05-01
    plugin id: 99855
    published: 2017-05-01
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99855
    title: EulerOS 2.0 SP2 : gstreamer-plugins-bad-free (EulerOS-SA-2017-1009)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2017-0021.NASL
    description: An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es) : * An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96342
    published: 2017-01-10
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96342
    title: CentOS 7 : gstreamer1-plugins-bad-free (CESA-2017:0021)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2017-0021.NASL
    description: From Red Hat Security Advisory 2017:0021 : An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es) : * An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96329
    published: 2017-01-06
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96329
    title: Oracle Linux 7 : gstreamer1-plugins-bad-free (ELSA-2017-0021)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2017-0018.NASL
    description: From Red Hat Security Advisory 2017:0018 : An update for gstreamer-plugins-bad-free is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es) : * An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96326
    published: 2017-01-06
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96326
    title: Oracle Linux 7 : gstreamer-plugins-bad-free (ELSA-2017-0018)
  • NASL family: Virtuozzo Local Security Checks
    NASL id: VIRTUOZZO_VZLSA-2017-0021.NASL
    description: An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es) : * An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 101404
    published: 2017-07-13
    reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101404
    title: Virtuozzo 7 : gstreamer1-plugins-bad-free / etc (VZLSA-2017-0021)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2017-64.NASL
    description: This update for gstreamer-0_10-plugins-bad fixes the following issues : - CVE-2016-9445, CVE-2016-9446: Protection against buffer overflows (bsc#1010829) - CVE-2016-9447: Disable the nsf plugin (bsc#1010514) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen: 2020-06-05
    modified: 2017-01-10
    plugin id: 96383
    published: 2017-01-10
    reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/96383
    title: openSUSE Security Update : gstreamer-0_10-plugins-bad (openSUSE-2017-64)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2017-0018.NASL
    description: An update for gstreamer-plugins-bad-free is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es) : * An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96339
    published: 2017-01-10
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96339
    title: CentOS 7 : gstreamer-plugins-bad-free (CESA-2017:0018)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2017-0018.NASL
    description: An update for gstreamer-plugins-bad-free is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es) : * An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96310
    published: 2017-01-05
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96310
    title: RHEL 7 : gstreamer-plugins-bad-free (RHSA-2017:0018)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2016-2974.NASL
    description: An update for gstreamer-plugins-bad-free is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es) : * An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96049
    published: 2016-12-22
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96049
    title: CentOS 6 : gstreamer-plugins-bad-free (CESA-2016:2974)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1007.NASL
    description: According to the versions of the gstreamer1-plugins-bad-free package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer
    last seen: 2020-05-06
    modified: 2017-05-01
    plugin id: 99853
    published: 2017-05-01
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99853
    title: EulerOS 2.0 SP2 : gstreamer1-plugins-bad-free (EulerOS-SA-2017-1007)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2016-1481.NASL
    description: This update for gstreamer-0_10-plugins-bad fixes the following issues : - Maliciously crafted VMnc files (VMware video format) could lead to crashes (CVE-2016-9445, CVE-2016-9446, boo#1010829). - Maliciously crafted NSF files (NES sound format) could lead to arbitrary code execution (CESA-2016-0001, boo#1010514). Therefore for security reasons the NSF plugin has been removed from the package.
    last seen: 2020-06-05
    modified: 2016-12-14
    plugin id: 95818
    published: 2016-12-14
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/95818
    title: openSUSE Security Update : gstreamer-0_10-plugins-bad (openSUSE-2016-1481)
  • NASL family: Virtuozzo Local Security Checks
    NASL id: VIRTUOZZO_VZLSA-2017-0018.NASL
    description: An update for gstreamer-plugins-bad-free is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es) : * An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 101401
    published: 2017-07-13
    reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101401
    title: Virtuozzo 7 : gstreamer-plugins-bad-free / etc (VZLSA-2017-0018)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2016-1483.NASL
    description: This update for gstreamer-plugins-bad fixes the following issues : - Maliciously crafted VMnc (VMware video) streams (typically contained in .avi files) could cause code execution during decoding or information leaks due to an uninitialized buffer (CVE-2016-9445, CVE-2016-9446, boo#1010829).
    last seen: 2020-06-05
    modified: 2016-12-16
    plugin id: 95912
    published: 2016-12-16
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/95912
    title: openSUSE Security Update : gstreamer-plugins-bad (openSUSE-2016-1483)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2016-A82E35272C.NASL
    description: Update to 1.10.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2016-12-05
    plugin id: 95494
    published: 2016-12-05
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/95494
    title: Fedora 25 : gstreamer1-plugins-bad-free (2016-a82e35272c)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1010.NASL
    description: According to the versions of the gstreamer-plugins-bad-free packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer
    last seen: 2020-05-06
    modified: 2017-05-01
    plugin id: 99856
    published: 2017-05-01
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99856
    title: EulerOS 2.0 SP1 : gstreamer-plugins-bad-free (EulerOS-SA-2017-1010)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1008.NASL
    description: According to the versions of the gstreamer1-plugins-bad-free package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer
    last seen: 2020-05-06
    modified: 2017-05-01
    plugin id: 99854
    published: 2017-05-01
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99854
    title: EulerOS 2.0 SP1 : gstreamer1-plugins-bad-free (EulerOS-SA-2017-1008)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-0027-1.NASL
    description: This update for gstreamer-0_10-plugins-bad fixes the following issues : - CVE-2016-9445, CVE-2016-9446: Protection against buffer overflows (bsc#1010829) - CVE-2016-9447: Disable the nsf plugin (bsc#1010514) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96334
    published: 2017-01-06
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96334
    title: SUSE SLED12 Security Update : gstreamer-0_10-plugins-bad (SUSE-SU-2017:0027-1)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2017-63.NASL
    description: This update for gstreamer-plugins-bad fixes the following security issues, which would allow attackers able to submit media files for indexing to cause code execution or crashes : - Check an integer overflow (CVE-2016-9445) and initialize a buffer (CVE-2016-9446) in vmncdec. (bsc#1010829) - CVE-2016-9809: Ensure codec_data has the right size when reading number of SPS (bsc#1013659). - CVE-2016-9812: Add more section size checks (bsc#1013678). - CVE-2016-9813: fix PAT parsing (bsc#1013680). This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen: 2020-06-05
    modified: 2017-01-10
    plugin id: 96382
    published: 2017-01-10
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96382
    title: openSUSE Security Update : gstreamer-plugins-bad (openSUSE-2017-63)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2016-2974.NASL
    description: An update for gstreamer-plugins-bad-free is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es) : * An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96039
    published: 2016-12-21
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96039
    title: RHEL 6 : gstreamer-plugins-bad-free (RHSA-2016:2974)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-3297-1.NASL
    description: This update for gstreamer-plugins-bad fixes the following issues : - CVE-2016-9809: Malicious mkv/h264 file could cause an off by one out of bounds read and lead to crash (bsc#1013659) - CVE-2016-9812: Malicious mpeg file could cause invalid a NULL pointer access and lead to crash (bsc#1013678) - CVE-2016-9813: Malicious mpegts file could cause invalid a NULL pointer access and lead to crash (bsc#1013680) - CVE-2016-9445, CVE-2016-9446: Check an integer overflow and initialize a buffer in vmncdec (bsc#1010829) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96259
    published: 2017-01-03
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96259
    title: SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-bad (SUSE-SU-2016:3297-1)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2017-0021.NASL
    description: An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es) : * An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96313
    published: 2017-01-05
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96313
    title: RHEL 7 : gstreamer1-plugins-bad-free (RHSA-2017:0021)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-712.NASL
    description: CVE-2016-9445 CVE-2016-9446 Chris Evans discovered that the GStreamer plugin to decode VMware screen capture files allowed the execution of arbitrary code. He also found that an initialized buffer may lead into memory disclosure. CVE-2016-9447 Chris Evans discovered that the GStreamer 0.10 plugin to decode NES Sound Format files allowed the execution of arbitrary code. For Debian 7
    last seen: 2020-03-17
    modified: 2016-11-21
    plugin id: 94983
    published: 2016-11-21
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/94983
    title: Debian DLA-712-1 : gst-plugins-bad0.10 security update
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20170105_GSTREAMER_PLUGINS_BAD_FREE_ON_SL7_X.NASL
    description: Security Fix(es) : - An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer
    last seen: 2020-03-18
    modified: 2017-01-06
    plugin id: 96332
    published: 2017-01-06
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96332
    title: Scientific Linux Security Update : gstreamer-plugins-bad-free on SL7.x x86_64 (20170105)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-0028-1.NASL
    description: This update for gstreamer-0_10-plugins-bad fixes the following issues : - CVE-2016-9445, CVE-2016-9446: Protection against buffer overflows (bsc#1010829) - CVE-2016-9447: Disable the nsf plugin (bsc#1010514) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96335
    published: 2017-01-06
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96335
    title: SUSE SLED12 Security Update : gstreamer-0_10-plugins-bad (SUSE-SU-2017:0028-1)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2016-2974.NASL
    description: From Red Hat Security Advisory 2016:2974 : An update for gstreamer-plugins-bad-free is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es) : * An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96066
    published: 2016-12-22
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96066
    title: Oracle Linux 6 : gstreamer-plugins-bad-free (ELSA-2016-2974)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20161221_GSTREAMER_PLUGINS_BAD_FREE_ON_SL6_X.NASL
    description: Security Fix(es) : - An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer
    last seen: 2020-03-18
    modified: 2016-12-21
    plugin id: 96041
    published: 2016-12-21
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96041
    title: Scientific Linux Security Update : gstreamer-plugins-bad-free on SL6.x i386/x86_64 (20161221)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20170105_GSTREAMER1_PLUGINS_BAD_FREE_ON_SL7_X.NASL
    description: Security Fix(es) : - An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer
    last seen: 2020-03-18
    modified: 2017-01-06
    plugin id: 96330
    published: 2017-01-06
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96330
    title: Scientific Linux Security Update : gstreamer1-plugins-bad-free on SL7.x x86_64 (20170105)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2016-C4004FE99E.NASL
    description: Fix Integer overflow when allocating render buffer in vmnc decoder Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2016-12-07
    plugin id: 95584
    published: 2016-12-07
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/95584
    title: Fedora 24 : gstreamer1-plugins-bad-free (2016-c4004fe99e)

Redhat

advisories
  • rhsa
    id: RHSA-2016:2974
  • rhsa
    id: RHSA-2017:0018
  • rhsa
    id: RHSA-2017:0021
rpms
  • gstreamer-plugins-bad-free-0:0.10.19-5.el6_8
  • gstreamer-plugins-bad-free-debuginfo-0:0.10.19-5.el6_8
  • gstreamer-plugins-bad-free-devel-0:0.10.19-5.el6_8
  • gstreamer-plugins-bad-free-devel-docs-0:0.10.19-5.el6_8
  • gstreamer-plugins-bad-free-extras-0:0.10.19-5.el6_8
  • gstreamer-plugins-bad-free-0:0.10.23-22.el7_3
  • gstreamer-plugins-bad-free-debuginfo-0:0.10.23-22.el7_3
  • gstreamer-plugins-bad-free-devel-0:0.10.23-22.el7_3
  • gstreamer-plugins-bad-free-devel-docs-0:0.10.23-22.el7_3
  • gstreamer1-plugins-bad-free-0:1.4.5-6.el7_3
  • gstreamer1-plugins-bad-free-debuginfo-0:1.4.5-6.el7_3
  • gstreamer1-plugins-bad-free-devel-0:1.4.5-6.el7_3