{"id":"CVE-2016-9447","details":"The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.","modified":"2026-03-20T11:17:11.513797Z","published":"2017-01-23T21:59:03.127Z","related":["MGASA-2018-0012","SUSE-SU-2017:0027-1","SUSE-SU-2017:0028-1"],"references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/94427"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2016/11/18/12"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2016/11/18/13"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201705-10"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2974.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0018.html"},{"type":"ARTICLE","url":"http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gstreamer/gstreamer","events":[{"introduced":"0"},{"last_affected":"2383bf6dedb7912df06a8c4f03aa9f241a7aff6f"},{"introduced":"0"},{"last_affected":"0601746ccd26a6a93433ef39c8ef1b89cf658f9f"},{"introduced":"0"},{"last_affected":"9645acef9fc342e175c0d4dfd8e3981e47ea38bf"},{"introduced":"0"},{"last_affected":"aa0daff56167676c2419126ff27a1fb3d97976dd"},{"introduced":"0"},{"last_affected":"5ec236326cd7ca960f277ae082da0cfb1a34926f"},{"introduced":"0"},{"last_affected":"95797040eb860ebb8f33b8d92e93f20b60e5215f"},{"introduced":"0"},{"last_affected":"a61610c96861dd11840add94b38e750cf5cf39b7"},{"introduced":"0"},{"last_affected":"4d9db9e2cff925de0a37754eee8c93da9252ced8"},{"introduced":"0"},{"last_affected":"ed7bb93c2ff6c35229687604f6d6ae8c1ff3c4f2"},{"introduced":"0"},{"last_affected":"1f8e0a3b9b942cc15e26c2608d26b59191d35087"},{"introduced":"0"},{"last_affected":"52cef107b14f4271a6ac983daf507c0b4ce00dcc"},{"introduced":"0"},{"last_affected":"355a8d2132d307b27cfdc85d38bd07930960c59c"},{"introduced":"0"},{"last_affected":"eb20ecac9b5d5260f3ac0aeaea80041c2f52655b"},{"introduced":"0"},{"last_affected":"94b4bf7f41860e782a9e4a6306712674cb0de8e2"},{"introduced":"0"},{"last_affected":"3e811faefc7117320695cbf4c0d8b34a448cb10c"},{"introduced":"0"},{"last_affected":"ba5f9d28436e8022ac316cedbfff5efd3993d9a2"},{"introduced":"0"},{"last_affected":"0d0b85cb15e02321d440a041854ad33048a07dc4"},{"introduced":"0"},{"last_affected":"6de8ad8d667c39d7d4a376b292f0f57a0bfa7e60"},{"introduced":"0"},{"last_affected":"8a57d6af1f9bf52fb69909e370c8180c2b2d8e6c"},{"introduced":"0"},{"last_affected":"dc1ae0ffbb1d5f86df2ebda76c07465371ebac60"},{"introduced":"0"},{"last_affected":"e0f0bce8d625d2d684be5840b36107506b6a70f1"},{"introduced":"0"},{"last_affected":"725bc2f11aadf3e0a1740c4fa75b486c5e1f9907"},{"introduced":"0"},{"last_affected":"855093570f8a53205b66eb9fa698d571d224948d"},{"introduced":"0"},{"last_affected":"418885d898d6b540cc7b89729013b7b6b46fe2ea"},{"introduced":"0"},{"last_affected":"ae4c19ee50c4748e48e2ce7b139592a7b712b03d"},{"introduced":"0"},{"last_affected":"b26897dd84ac9b09e7d262989a75984aab0bdc91"},{"introduced":"0"},{"last_affected":"1d2056adc637a14c1060a282abf111c1452e7f9c"},{"introduced":"0"},{"last_affected":"43505244cbcb7fc57f5667cc5276f0d2f296f731"},{"introduced":"0"},{"last_affected":"a4e1b18b65552ee348e578efe12fe2ec38880e12"},{"introduced":"0"},{"last_affected":"a2d88f90dc58725d61d0c10276ce60739fac7867"},{"introduced":"0"},{"last_affected":"673d519898d18c513c3b5eeecd91f5d3091ddf79"},{"introduced":"0"},{"last_affected":"cdabb85f5d742c06856ec9980fb5a0b6dcb8e25b"},{"introduced":"0"},{"last_affected":"c2e0ec6d0bef44827476d96ee9e5ae92dec8be46"},{"introduced":"0"},{"last_affected":"519f35059938263fbeaf02f9f13acbbd633d46d6"},{"introduced":"0"},{"last_affected":"ffc3cece6ce5e7fb069b7d1eb135039e6ac6052f"},{"introduced":"0"},{"last_affected":"04c392fa7d86f348ae9edaabf4c95b8deb64288e"},{"introduced":"0"},{"last_affected":"9faeeb8e45801e6b01d938a6001fff16f03d59b2"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.10.0"},{"introduced":"0"},{"last_affected":"0.10.1"},{"introduced":"0"},{"last_affected":"0.10.2"},{"introduced":"0"},{"last_affected":"0.10.3"},{"introduced":"0"},{"last_affected":"0.10.4"},{"introduced":"0"},{"last_affected":"0.10.5"},{"introduced":"0"},{"last_affected":"0.10.6"},{"introduced":"0"},{"last_affected":"0.10.7"},{"introduced":"0"},{"last_affected":"0.10.8"},{"introduced":"0"},{"last_affected":"0.10.9"},{"introduced":"0"},{"last_affected":"0.10.10"},{"introduced":"0"},{"last_affected":"0.10.11"},{"introduced":"0"},{"last_affected":"0.10.12"},{"introduced":"0"},{"last_affected":"0.10.13"},{"introduced":"0"},{"last_affected":"0.10.14"},{"introduced":"0"},{"last_affected":"0.10.15"},{"introduced":"0"},{"last_affected":"0.10.16"},{"introduced":"0"},{"last_affected":"0.10.17"},{"introduced":"0"},{"last_affected":"0.10.18"},{"introduced":"0"},{"last_affected":"0.10.19"},{"introduced":"0"},{"last_affected":"0.10.20"},{"introduced":"0"},{"last_affected":"0.10.21"},{"introduced":"0"},{"last_affected":"0.10.22"},{"introduced":"0"},{"last_affected":"0.10.23"},{"introduced":"0"},{"last_affected":"0.10.24"},{"introduced":"0"},{"last_affected":"0.10.25"},{"introduced":"0"},{"last_affected":"0.10.26"},{"introduced":"0"},{"last_affected":"0.10.27"},{"introduced":"0"},{"last_affected":"0.10.28"},{"introduced":"0"},{"last_affected":"0.10.29"},{"introduced":"0"},{"last_affected":"0.10.30"},{"introduced":"0"},{"last_affected":"0.10.31"},{"introduced":"0"},{"last_affected":"0.10.32"},{"introduced":"0"},{"last_affected":"0.10.33"},{"introduced":"0"},{"last_affected":"0.10.34"},{"introduced":"0"},{"last_affected":"0.10.35"},{"introduced":"0"},{"last_affected":"0.10.36"}]}}],"versions":["gst-python-0.1.0","gst-python-0.10.0","gst-python-0.7.90","gst-python-0.7.91","gst-python-0.7.92","gst-python-0.7.93","gst-python-0.7.94","gst-python-0.8.0","gst-python-0.8.1","gst-python-0.9.3","gst-python-0.9.4","gst-python-0.9.5","gst-python-0.9.6","gst-python-0.9.7"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9447.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}