CVE-2016-9445
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.
AnalysisAI
An integer overflow vulnerability exists in the vmnc decoder component of GStreamer that allows remote attackers to trigger a buffer overflow and crash the application. GStreamer version 1.10.0 is confirmed affected, with exploitation requiring no authentication or user interaction over the network. A public proof-of-concept exploit exists (published on Scary Beasts Security blog), and EPSS indicates a 2.41% probability of exploitation in the wild (85th percentile), making this a moderate real-world risk.
Technical ContextAI
This vulnerability affects the VMnc (VMware video codec) decoder plugin in GStreamer's gst-plugins-bad package, specifically in the vmncdec.c file. GStreamer is a widely-used multimedia framework for constructing graphs of media-handling components. The root cause is CWE-190 (Integer Overflow or Wraparound), where the decoder fails to properly validate large width and height values in VMnc-encoded video streams. When these dimensions are multiplied to calculate buffer sizes, an integer overflow occurs, resulting in allocation of an undersized buffer. Subsequent writes to this buffer cause a heap-based buffer overflow, leading to application crash or potential memory corruption. The affected product per CPE is cpe:2.3:a:gstreamer:gstreamer:1.10.0.
RemediationAI
Apply the upstream patch available in GStreamer's gst-plugins-bad repository (commit 4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe at https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/gst/vmnc/vmncdec.c?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe). For Red Hat Enterprise Linux systems, install updates per RHSA-2016-2974, RHSA-2017-0018, or RHSA-2017-0021 as appropriate for your distribution version. Gentoo users should follow GLSA-201705-10 guidance. As a temporary mitigation until patching, disable or remove the vmnc decoder plugin from GStreamer if VMware video codec support is not required, restrict processing of media files to trusted sources only, and implement network segmentation to limit exposure of systems running vulnerable GStreamer versions to untrusted network content.
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today