Fluid Attacks Database

Description

A memory corruption flaw was found in GStreamer's Nintendo NSF music file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel6	gstreamer-plugins-bad-free	<0:0.10.19-5.el6_8	0:0.10.19-5.el6_8
rpm rhel7	gstreamer-plugins-bad-free	<0:0.10.23-22.el7_3	0:0.10.23-22.el7_3

Aliases

1. CVE-2016-94472. NVD-2016-94473. OSV-2016-9447

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.