CVE-2016-9445
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Integer overflow in the vmnc decoder in GStreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.
Analysis
An integer overflow vulnerability exists in the vmnc decoder component of GStreamer that allows remote attackers to trigger a buffer overflow and crash the application. GStreamer version 1.10.0 is confirmed affected, with exploitation requiring no authentication or user interaction over the network. A public proof-of-concept exploit exists (published on the Scary Beasts Security blog), and EPSS indicates a 2.41% probability of exploitation in the wild (85th percentile), making this a moderate real-world risk.
Technical Context
This vulnerability affects the VMnc (VMware video codec) decoder plugin in GStreamer's gst-plugins-bad package, specifically in the vmncdec.c file. GStreamer is a widely-used multimedia framework for constructing graphs of media-handling components. The root cause is CWE-190 (Integer Overflow or Wraparound), where the decoder fails to properly validate large width and height values in VMnc-encoded video streams. When these dimensions are multiplied to calculate buffer sizes, an integer overflow occurs, resulting in allocation of an undersized buffer. Subsequent writes to this buffer cause a heap-based buffer overflow, leading to application crash or potential memory corruption. The affected product per CPE is cpe:2.3:a:gstreamer:gstreamer:1.10.0.
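The arithmetic failure described above, shown as an added example that is not GStreamer's code or the upstream patch: an unchecked 32-bit size calculation beside a checked one. The function names, the 32-bit field types, and the `MAX_DIM` and `MAX_BPP` limits are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_DIM 16384u /* assumed policy cap on each dimension */
#define MAX_BPP 4u     /* assumed: at most 32 bits per pixel */

/* Unchecked pattern: 32-bit product of stream-supplied fields wraps mod 2^32. */
static uint32_t frame_size_unchecked(uint32_t w, uint32_t h, uint32_t bpp)
{
    return w * h * bpp;
}

/* Checked pattern: reject implausible dimensions, then prove each
 * multiplication fits in size_t before performing it.
 * Returns 0 and stores the size in *out, or -1 if the frame is rejected. */
static int frame_size_checked(uint32_t w, uint32_t h, uint32_t bpp, size_t *out)
{
    if (w == 0 || h == 0 || bpp == 0 || bpp > MAX_BPP)
        return -1;
    if (w > MAX_DIM || h > MAX_DIM)
        return -1;
    size_t pixels = (size_t)w;
    if ((size_t)h > SIZE_MAX / pixels)
        return -1;
    pixels *= h;
    if ((size_t)bpp > SIZE_MAX / pixels)
        return -1;
    *out = pixels * bpp;
    return 0;
}

int main(void)
{
    /* Constructed header values, chosen so the true size exceeds 2^32. */
    uint32_t w = 65536, h = 65537, bpp = 4;
    size_t n = 0;

    printf("unchecked size: %u bytes\n", (unsigned)frame_size_unchecked(w, h, bpp));
    printf("checked result: %d\n", frame_size_checked(w, h, bpp, &n));
    if (frame_size_checked(1024, 768, 4, &n) == 0)
        printf("1024x768x4 -> %zu bytes\n", n);
    return 0;
}
```

The unchecked function reports 262144 bytes for a frame that actually needs about 17 GB, which is the undersized allocation the paragraph describes; the checked function rejects the same header before any allocation happens.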
Affected Products
GStreamer version 1.10.0 is confirmed affected via CPE designation cpe:2.3:a:gstreamer:gstreamer:1.10.0. The vulnerability specifically impacts the gst-plugins-bad package containing the vmnc decoder. Multiple Red Hat Enterprise Linux distributions were affected as documented in advisories RHSA-2016-2974, RHSA-2017-0018, and RHSA-2017-0021 (available at http://rhn.redhat.com/errata/). Gentoo Linux was also affected per GLSA-201705-10 (https://security.gentoo.org/glsa/201705-10). The upstream bug is tracked at https://bugzilla.gnome.org/show_bug.cgi?id=774533. Systems processing untrusted VMnc video streams through GStreamer are at risk, including media players, browser plugins, and automated media processing pipelines.
Remediation
Apply the upstream patch available in GStreamer's gst-plugins-bad repository (commit 4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe at https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/gst/vmnc/vmncdec.c?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe). For Red Hat Enterprise Linux systems, install updates per RHSA-2016-2974, RHSA-2017-0018, or RHSA-2017-0021 as appropriate for your distribution version. Gentoo users should follow GLSA-201705-10 guidance. As a temporary mitigation until patching, disable or remove the vmnc decoder plugin from GStreamer if VMware video codec support is not required, restrict processing of media files to trusted sources only, and implement network segmentation to limit exposure of systems running vulnerable GStreamer versions to untrusted network content.