CVE-2016-9447
- Source
- https://cve.org/CVERecord?id=CVE-2016-9447
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9447.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-9447
- Downstream
- Related
- Published
- 2017-01-23T21:59:03.127Z
- Modified
- 2026-05-15T08:15:22.032049Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.
- References
-
- http://www.openwall.com/lists/oss-security/2016/11/18/12
- http://www.openwall.com/lists/oss-security/2016/11/18/13
- http://www.securityfocus.com/bid/94427
- http://rhn.redhat.com/errata/RHSA-2016-2974.html
- http://rhn.redhat.com/errata/RHSA-2017-0018.html
- https://security.gentoo.org/glsa/201705-10
- http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html
Affected packages
Git / github.com/gstreamer/gstreamer
Affected ranges
- Type
- GIT
- Repo
- https://github.com/gstreamer/gstreamer
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
- Database specific
{ "source": "CPE_FIELD", "extracted_events": [ { "introduced": "0" }, { "last_affected": "0.10.0" }, { "last_affected": "0.10.1" }, { "last_affected": "0.10.2" }, { "last_affected": "0.10.3" }, { "last_affected": "0.10.4" }, { "last_affected": "0.10.5" }, { "last_affected": "0.10.6" }, { "last_affected": "0.10.7" }, { "last_affected": "0.10.8" }, { "last_affected": "0.10.9" }, { "last_affected": "0.10.10" }, { "last_affected": "0.10.11" }, { "last_affected": "0.10.12" }, { "last_affected": "0.10.13" }, { "last_affected": "0.10.14" }, { "last_affected": "0.10.15" }, { "last_affected": "0.10.16" }, { "last_affected": "0.10.17" }, { "last_affected": "0.10.18" }, { "last_affected": "0.10.19" }, { "last_affected": "0.10.20" }, { "last_affected": "0.10.21" }, { "last_affected": "0.10.22" }, { "last_affected": "0.10.23" }, { "last_affected": "0.10.24" }, { "last_affected": "0.10.25" }, { "last_affected": "0.10.26" }, { "last_affected": "0.10.27" }, { "last_affected": "0.10.28" }, { "last_affected": "0.10.29" }, { "last_affected": "0.10.30" }, { "last_affected": "0.10.31" }, { "last_affected": "0.10.32" }, { "last_affected": "0.10.33" }, { "last_affected": "0.10.34" }, { "last_affected": "0.10.35" }, { "last_affected": "0.10.36" } ], "cpe": [ "cpe:2.3:a:gstreamer:gstreamer:0.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.5:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.6:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.7:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.8:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.9:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.10:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.11:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.12:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.13:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.14:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.15:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.16:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.17:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.18:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.19:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.20:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.21:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.22:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.23:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.24:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.25:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.26:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.27:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.28:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.29:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.30:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.31:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.32:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.33:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.34:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.35:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:0.10.36:*:*:*:*:*:*:*" ] }
Affected versions
gst-plugins-base-0.*
gst-plugins-base-0.10.0
gst-plugins-base-0.10.1
gst-plugins-base-0.10.10
gst-plugins-base-0.10.11
gst-plugins-base-0.10.12
gst-plugins-base-0.10.13
gst-plugins-base-0.10.14
gst-plugins-base-0.10.15
gst-plugins-base-0.10.16
gst-plugins-base-0.10.17
gst-plugins-base-0.10.18
gst-plugins-base-0.10.2
gst-plugins-base-0.10.20
gst-plugins-base-0.10.21
gst-plugins-base-0.10.22
gst-plugins-base-0.10.23
gst-plugins-base-0.10.24
gst-plugins-base-0.10.25
gst-plugins-base-0.10.26
gst-plugins-base-0.10.27
gst-plugins-base-0.10.28
gst-plugins-base-0.10.29
gst-plugins-base-0.10.3
gst-plugins-base-0.10.30
gst-plugins-base-0.10.31
gst-plugins-base-0.10.32
gst-plugins-base-0.10.33
gst-plugins-base-0.10.34
gst-plugins-base-0.10.35
gst-plugins-base-0.10.36
gst-plugins-base-0.10.4
gst-plugins-base-0.10.5
gst-plugins-base-0.10.6
gst-plugins-base-0.10.7
gst-plugins-base-0.10.8
gst-plugins-base-0.10.9
gst-plugins-base-0.9.1
gst-plugins-base-0.9.2
gst-plugins-base-0.9.3
gst-plugins-base-0.9.4
gst-plugins-base-0.9.5
gst-plugins-base-0.9.6
gst-plugins-base-0.9.7
gst-plugins-good-0.*
gst-plugins-good-0.10.0
gst-plugins-good-0.10.1
gst-plugins-good-0.10.11
gst-plugins-good-0.10.14
gst-plugins-good-0.10.15
gst-plugins-good-0.10.16
gst-plugins-good-0.10.17
gst-plugins-good-0.10.18
gst-plugins-good-0.10.19
gst-plugins-good-0.10.2
gst-plugins-good-0.10.20
gst-plugins-good-0.10.21
gst-plugins-good-0.10.22
gst-plugins-good-0.10.23
gst-plugins-good-0.10.24
gst-plugins-good-0.10.25
gst-plugins-good-0.10.26
gst-plugins-good-0.10.27
gst-plugins-good-0.10.28
gst-plugins-good-0.10.29
gst-plugins-good-0.10.3
gst-plugins-good-0.10.30
gst-plugins-good-0.10.31
gst-plugins-good-0.10.4
gst-plugins-good-0.10.5
gst-plugins-good-0.10.6
gst-plugins-good-0.10.7
gst-plugins-good-0.10.8
gst-plugins-good-0.10.9
gst-plugins-good-0.9.1
gst-plugins-good-0.9.3
gst-plugins-good-0.9.4
gst-plugins-good-0.9.5
gst-plugins-good-0.9.6
gst-plugins-good-0.9.7
gst-python-0.*
gst-python-0.1.0
gst-python-0.10.0
gst-python-0.10.1
gst-python-0.10.10
gst-python-0.10.11
gst-python-0.10.12
gst-python-0.10.13
gst-python-0.10.14
gst-python-0.10.15
gst-python-0.10.16
gst-python-0.10.17
gst-python-0.10.18
gst-python-0.10.19
gst-python-0.10.2
gst-python-0.10.20
gst-python-0.10.21
gst-python-0.10.22
gst-python-0.10.3
gst-python-0.10.4
gst-python-0.10.5
gst-python-0.10.6
gst-python-0.10.7
gst-python-0.10.8
gst-python-0.10.9
gst-python-0.7.90
gst-python-0.7.91
gst-python-0.7.92
gst-python-0.7.93
gst-python-0.7.94
gst-python-0.8.0
gst-python-0.8.1
gst-python-0.9.3
gst-python-0.9.4
gst-python-0.9.5
gst-python-0.9.6
gst-python-0.9.7
gst-rtsp-server-0.*
gst-rtsp-server-0.10.1
gst-rtsp-server-0.10.2
gst-rtsp-server-0.10.3
gst-rtsp-server-0.10.4
gst-rtsp-server-0.10.5
gst-rtsp-server-0.10.6
gst-rtsp-server-0.10.7
gst-rtsp-server-0.10.8