CVE-2016-9811 - Out-of-bounds Read vulnerability in multiple products
Attack vector: LOCAL
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Summary
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers: An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Nessus
- NASL family: Gentoo Local Security Checks
  NASL id: GENTOO_GLSA-201705-10.NASL
  description: The remote host is affected by the vulnerability described in GLSA-201705-10 (GStreamer plug-ins: User-assisted execution of arbitrary code) Multiple vulnerabilities have been discovered in various GStreamer plug-ins. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user or automated system using a GStreamer plug-in to process a specially crafted file, resulting in the execution of arbitrary code or a Denial of Service. Workaround : There is no known workaround at this time.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 100263
  published: 2017-05-18
  reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/100263
  title: GLSA-201705-10 : GStreamer plug-ins: User-assisted execution of arbitrary code
- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2016-A17657197C.NASL
  description: typefind: bounds check windows ico detection Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-05
  modified: 2016-12-12
  plugin id: 95682
  published: 2016-12-12
  reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/95682
  title: Fedora 24 : gstreamer-plugins-base (2016-a17657197c)
- NASL family: SuSE Local Security Checks
  NASL id: OPENSUSE-2017-95.NASL
  description: This update for gstreamer-plugins-base fixes the following issues : - CVE-2016-9811: out of bounds memory read in windows_icon_typefind (bsc#1013669).
  last seen: 2020-06-05
  modified: 2017-01-17
  plugin id: 96559
  published: 2017-01-17
  reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/96559
  title: openSUSE Security Update : gstreamer-plugins-base (openSUSE-2017-95)
- NASL family: SuSE Local Security Checks
  NASL id: OPENSUSE-2017-87.NASL
  description: This update for gstreamer-plugins-base fixes the following issue : - CVE-2016-9811: out of bounds memory read in windows_icon_typefind (bsc#1013669)
  last seen: 2020-06-05
  modified: 2017-01-17
  plugin id: 96553
  published: 2017-01-17
  reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/96553
  title: openSUSE Security Update : gstreamer-plugins-base (openSUSE-2017-87)
- NASL family: Huawei Local Security Checks
  NASL id: EULEROS_SA-2017-1205.NASL
  description: According to the versions of the gstreamer packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were found in gstreamer1, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-bad-free packages. An attacker could potentially use these flaws to crash applications which use the GStreamer framework. (CVE-2016-9446, CVE-2016-9810, CVE-2016-9811, CVE-2016-10198, CVE-2016-10199, CVE-2017-5837, CVE-2017-5838, CVE-2017-5839, CVE-2017-5840, CVE-2017-5841, CVE-2017-5842, CVE-2017-5843, CVE-2017-5844, CVE-2017-5845, CVE-2017-5848) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-10
  modified: 2017-09-11
  plugin id: 103063
  published: 2017-09-11
  reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/103063
  title: EulerOS 2.0 SP1 : gstreamer (EulerOS-SA-2017-1205)
- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2016-4FFF0CBC66.NASL
  description: Fix for Out of bounds heap read in windows_icon_typefind Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-05
  modified: 2016-12-12
  plugin id: 95675
  published: 2016-12-12
  reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/95675
  title: Fedora 24 : gstreamer1-plugins-base (2016-4fff0cbc66)
- NASL family: SuSE Local Security Checks
  NASL id: OPENSUSE-2017-169.NASL
  description: gstreamer-0_10-plugins-base was updated to fix one issue. This security issue was fixed : - CVE-2016-9811: Out of bounds memory read in windows_icon_typefind (bsc#1013669). This update was imported from the SUSE:SLE-12:Update update project.
  last seen: 2020-06-05
  modified: 2017-01-30
  plugin id: 96866
  published: 2017-01-30
  reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/96866
  title: openSUSE Security Update : gstreamer-0_10-plugins-base (openSUSE-2017-169)
- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2016-4C8140241F.NASL
  description: typefind: bounds check windows ico detection Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-05
  modified: 2016-12-12
  plugin id: 95674
  published: 2016-12-12
  reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/95674
  title: Fedora 25 : gstreamer-plugins-base (2016-4c8140241f)
- NASL family: Huawei Local Security Checks
  NASL id: EULEROS_SA-2017-1206.NASL
  description: According to the versions of the gstreamer packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were found in gstreamer1, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-bad-free packages. An attacker could potentially use these flaws to crash applications which use the GStreamer framework. (CVE-2016-9446, CVE-2016-9810, CVE-2016-9811, CVE-2016-10198, CVE-2016-10199, CVE-2017-5837, CVE-2017-5838, CVE-2017-5839, CVE-2017-5840, CVE-2017-5841, CVE-2017-5842, CVE-2017-5843, CVE-2017-5844, CVE-2017-5845, CVE-2017-5848) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-03
  modified: 2017-09-11
  plugin id: 103064
  published: 2017-09-11
  reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/103064
  title: EulerOS 2.0 SP2 : gstreamer (EulerOS-SA-2017-1206)
- NASL family: SuSE Local Security Checks
  NASL id: SUSE_SU-2017-0189-1.NASL
  description: - CVE-2016-9811: out of bound memory read could lead to crash [bsc#1013669]. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 96604
  published: 2017-01-18
  reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/96604
  title: SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-base (SUSE-SU-2017:0189-1)
- NASL family: Debian Local Security Checks
  NASL id: DEBIAN_DLA-735.NASL
  description: An out of bounds heap read issue was found in gst-plugins-base0.10. For Debian 7
  last seen: 2020-03-17
  modified: 2016-12-08
  plugin id: 95634
  published: 2016-12-08
  reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/95634
  title: Debian DLA-735-1 : gst-plugins-base0.10 security update
- NASL family: SuSE Local Security Checks
  NASL id: SUSE_SU-2017-0211-1.NASL
  description: This update for gstreamer-plugins-base fixes the following issues : - CVE-2016-9811: Malicious file could cause an invalid read leading to crash [bsc#1013669] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 96655
  published: 2017-01-20
  reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/96655
  title: SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-base (SUSE-SU-2017:0211-1)
- NASL family: Red Hat Local Security Checks
  NASL id: REDHAT-RHSA-2017-2060.NASL
  description: An update is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The following packages have been upgraded to a later upstream version: clutter-gst2 (2.0.18), gnome-video-effects (0.4.3), gstreamer1 (1.10.4), gstreamer1-plugins-bad-free (1.10.4), gstreamer1-plugins-base (1.10.4), gstreamer1-plugins-good (1.10.4), orc (0.4.26). Security Fix(es) : * Multiple flaws were found in gstreamer1, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-bad-free packages. An attacker could potentially use these flaws to crash applications which use the GStreamer framework. (CVE-2016-9446, CVE-2016-9810, CVE-2016-9811, CVE-2016-10198, CVE-2016-10199, CVE-2017-5837, CVE-2017-5838, CVE-2017-5839, CVE-2017-5840, CVE-2017-5841, CVE-2017-5842, CVE-2017-5843, CVE-2017-5844, CVE-2017-5845, CVE-2017-5848) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 102150
  published: 2017-08-03
  reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/102150
  title: RHEL 7 : GStreamer (RHSA-2017:2060)
- NASL family: SuSE Local Security Checks
  NASL id: OPENSUSE-2017-168.NASL
  description: This update for gstreamer-plugins-base fixes the following issues : - CVE-2016-9811: Malicious file could cause an invalid read leading to crash [bsc#1013669] This update was imported from the SUSE:SLE-12-SP2:Update update project.
  last seen: 2020-06-05
  modified: 2017-01-30
  plugin id: 96865
  published: 2017-01-30
  reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/96865
  title: openSUSE Security Update : gstreamer-plugins-base (openSUSE-2017-168)
- NASL family: SuSE Local Security Checks
  NASL id: SUSE_SU-2017-0263-1.NASL
  description: gstreamer-0_10-plugins-base was updated to fix one issue. This security issue was fixed : - CVE-2016-9811: Out of bounds memory read in windows_icon_typefind (bsc#1013669). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 96717
  published: 2017-01-24
  reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/96717
  title: SUSE SLED12 / SLES12 Security Update : gstreamer-0_10-plugins-base (SUSE-SU-2017:0263-1)
- NASL family: SuSE Local Security Checks
  NASL id: SUSE_SU-2017-0289-1.NASL
  description: This update for gstreamer-0_10-plugins-base fixes the following issue : - CVE-2016-9811: Out of bounds memory read in windows_icon_typefind (bsc#1013669). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 96795
  published: 2017-01-26
  reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/96795
  title: SUSE SLES11 Security Update : gstreamer-0_10-plugins-base (SUSE-SU-2017:0289-1)
- NASL family: Debian Local Security Checks
  NASL id: DEBIAN_DSA-3819.NASL
  description: Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 99005
  published: 2017-03-28
  reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/99005
  title: Debian DSA-3819-1 : gst-plugins-base1.0 - security update
- NASL family: Debian Local Security Checks
  NASL id: DEBIAN_DLA-2126.NASL
  description: Some issues have been found in gst-plugins-base0.10, a package that provides GStreamer plugins from the
  last seen: 2020-03-17
  modified: 2020-03-02
  plugin id: 134177
  published: 2020-03-02
  reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/134177
  title: Debian DLA-2126-1 : gst-plugins-base0.10 security update
- NASL family: Scientific Linux Local Security Checks
  NASL id: SL_20170802_GSTREAMER_ON_SL7_X.NASL
  description: The following packages have been upgraded to a later upstream version: clutter-gst2 (2.0.18), gnome-video-effects (0.4.3), gstreamer1 (1.10.4), gstreamer1-plugins-bad-free (1.10.4), gstreamer1-plugins-base (1.10.4), gstreamer1-plugins-good (1.10.4), orc (0.4.26). Security Fix(es) : - Multiple flaws were found in gstreamer1, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-bad-free packages. An attacker could potentially use these flaws to crash applications which use the GStreamer framework. (CVE-2016-9446, CVE-2016-9810, CVE-2016-9811, CVE-2016-10198, CVE-2016-10199, CVE-2017-5837, CVE-2017-5838, CVE-2017-5839, CVE-2017-5840, CVE-2017-5841, CVE-2017-5842, CVE-2017-5843, CVE-2017-5844, CVE-2017-5845, CVE-2017-5848)
  last seen: 2020-03-18
  modified: 2017-08-22
  plugin id: 102659
  published: 2017-08-22
  reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/102659
  title: Scientific Linux Security Update : GStreamer on SL7.x x86_64 (20170802)
- NASL family: Ubuntu Local Security Checks
  NASL id: UBUNTU_USN-3244-1.NASL
  description: Hanno Bock discovered that GStreamer Base Plugins did not correctly handle certain malformed media files. If a user were tricked into opening a crafted media file with a GStreamer application, an attacker could cause a denial of service via application crash. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 99023
  published: 2017-03-28
  reporter: Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/99023
  title: Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : gst-plugins-base0.10, gst-plugins-base1.0 vulnerabilities (USN-3244-1)
- NASL family: CentOS Local Security Checks
  NASL id: CENTOS_RHSA-2017-2060.NASL
  description: An update is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The following packages have been upgraded to a later upstream version: clutter-gst2 (2.0.18), gnome-video-effects (0.4.3), gstreamer1 (1.10.4), gstreamer1-plugins-bad-free (1.10.4), gstreamer1-plugins-base (1.10.4), gstreamer1-plugins-good (1.10.4), orc (0.4.26). Security Fix(es) : * Multiple flaws were found in gstreamer1, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-bad-free packages. An attacker could potentially use these flaws to crash applications which use the GStreamer framework. (CVE-2016-9446, CVE-2016-9810, CVE-2016-9811, CVE-2016-10198, CVE-2016-10199, CVE-2017-5837, CVE-2017-5838, CVE-2017-5839, CVE-2017-5840, CVE-2017-5841, CVE-2017-5842, CVE-2017-5843, CVE-2017-5844, CVE-2017-5845, CVE-2017-5848) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 102752
  published: 2017-08-25
  reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/102752
  title: CentOS 7 : clutter-gst2 / gnome-video-effects / gstreamer-plugins-bad-free / etcgstreamer1 / etc (CESA-2017:2060)
- NASL family: SuSE Local Security Checks
  NASL id: SUSE_SU-2017-0242-1.NASL
  description: This update for gstreamer-0_10-plugins-base fixes the following issue : - CVE-2016-9811: out of bounds memory read in windows_icon_typefind (bsc#1013669) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 96696
  published: 2017-01-23
  reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/96696
  title: SUSE SLED12 / SLES12 Security Update : gstreamer-0_10-plugins-base (SUSE-SU-2017:0242-1)
- NASL family: SuSE Local Security Checks
  NASL id: OPENSUSE-2017-89.NASL
  description: This update for gstreamer-0_10-plugins-base fixes the following issue : - CVE-2016-9811: out of bounds memory read in windows_icon_typefind (bsc#1013669)
  last seen: 2020-06-05
  modified: 2017-01-17
  plugin id: 96555
  published: 2017-01-17
  reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/96555
  title: openSUSE Security Update : gstreamer-0_10-plugins-base (openSUSE-2017-89)
References
- https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
- https://bugzilla.gnome.org/show_bug.cgi?id=774902
- http://www.openwall.com/lists/oss-security/2016/12/05/8
- http://www.openwall.com/lists/oss-security/2016/12/01/2
- http://www.securityfocus.com/bid/95161
- https://security.gentoo.org/glsa/201705-10
- http://www.debian.org/security/2017/dsa-3819
- https://access.redhat.com/errata/RHSA-2017:2060
- https://lists.debian.org/debian-lts-announce/2020/02/msg00032.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM7IXFGHV66KNWGWG6ZBDNKXD2UJL2VQ/