CVE-2016-9447
HIGHSeverity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.
AnalysisAI
A vulnerability in the ROM mappings of the NSF decoder in GStreamer 0.10.x allows remote attackers to trigger out-of-bounds memory access through crafted NSF music files, potentially leading to arbitrary code execution or denial of service. The vulnerability affects all GStreamer 0.10.x versions and requires user interaction to open a malicious NSF file. With an EPSS score of 0.48% (65th percentile) and proof-of-concept exploit code publicly available, this represents a moderate real-world risk for systems processing untrusted media files.
Technical ContextAI
GStreamer is an open-source multimedia framework used extensively in Linux desktop environments for audio/video playback. The vulnerability specifically affects the NSF (NES Sound Format) decoder plugin in GStreamer 0.10.x branch, where improper ROM memory mappings allow buffer boundaries to be exceeded. According to the CPE data, all versions from 0.10.0 through 0.10.9 are affected. The root cause is CWE-125 (Out-of-bounds Read), though the vulnerability can also result in out-of-bounds writes, making it potentially exploitable for code execution beyond just information disclosure.
RemediationAI
Upgrade GStreamer to version 1.x or apply distribution-specific patches as detailed in vendor advisories (Red Hat RHSA-2016-2974, RHSA-2017-0018, Gentoo GLSA-201705-10). Since GStreamer 0.10.x is deprecated, migration to GStreamer 1.x is strongly recommended for long-term security. As a temporary mitigation, disable NSF file format support or implement strict input validation for media files from untrusted sources. Organizations should review the proof-of-concept details at http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html to understand the attack vector.
Same weakness CWE-125 – Out-of-bounds Read
View allShare
External POC / Exploit Code
Leaving vuln.today