CVE-2016-9635
Publication date 27 January 2017
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.
Status
Package | Ubuntu Release | Status |
---|---|---|
gst-plugins-good0.10 | ||
16.04 LTS xenial |
Fixed 0.10.31-3+nmu4ubuntu2.16.04.1
|
|
14.04 LTS trusty |
Fixed 0.10.31-3+nmu1ubuntu5.1
|
|
gst-plugins-good1.0 | ||
16.04 LTS xenial |
Fixed 1.8.2-1ubuntu0.2
|
|
14.04 LTS trusty |
Fixed 1.2.4-1~ubuntu1.1
|
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 · Critical |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |