4.7 - CVE-2016-9811

Executive Summary

Informations
Name	CVE-2016-9811	First vendor Publication	2017-01-13
Vendor	Cve	Last vendor Modification	2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Overall CVSS Score	4.7
Base Score	4.7	Environmental Score	4.7
impact SubScore	3.6	Temporal Score	4.7
Exploitabality Sub Score	1

Attack Vector	Local	Attack Complexity	High
Privileges Required	None	User Interaction	Required
Scope	Unchanged	Confidentiality Impact	None
Integrity Impact	None	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score	4.3	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9811

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-125	Out-of-bounds Read

CPE : Common Platform Enumeration

Type	Description	Count
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:9.0:::::::* cpe:2.3:o:debian:debian_linux:8.0:::::::*	2
Os	Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:35:::::::*	1
Os	Redhat Enterprise Linux Desktop cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*	1
Os	Redhat Enterprise Linux Eus cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*	4
Os	Redhat Enterprise Linux Server cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*	1
Os	Redhat Enterprise Linux Server Aus cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*	3
Os	Redhat Enterprise Linux Server Tus cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*	2
Os	Redhat Enterprise Linux Workstation cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*	1

Nessus® Vulnerability Scanner

Date	Description
2017-09-11	Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2017-1206.nasl - Type : ACT_GATHER_INFO
2017-09-11	Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2017-1205.nasl - Type : ACT_GATHER_INFO
2017-08-25	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2017-2060.nasl - Type : ACT_GATHER_INFO
2017-08-22	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20170802_GStreamer_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2017-08-03	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-2060.nasl - Type : ACT_GATHER_INFO
2017-05-18	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201705-10.nasl - Type : ACT_GATHER_INFO
2017-03-28	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-3244-1.nasl - Type : ACT_GATHER_INFO
2017-03-28	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3819.nasl - Type : ACT_GATHER_INFO
2017-01-30	Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-169.nasl - Type : ACT_GATHER_INFO
2017-01-30	Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-168.nasl - Type : ACT_GATHER_INFO
2017-01-26	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-0289-1.nasl - Type : ACT_GATHER_INFO
2017-01-24	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-0263-1.nasl - Type : ACT_GATHER_INFO
2017-01-23	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-0242-1.nasl - Type : ACT_GATHER_INFO
2017-01-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-0211-1.nasl - Type : ACT_GATHER_INFO
2017-01-18	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-0189-1.nasl - Type : ACT_GATHER_INFO
2017-01-17	Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-95.nasl - Type : ACT_GATHER_INFO
2017-01-17	Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-89.nasl - Type : ACT_GATHER_INFO
2017-01-17	Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-87.nasl - Type : ACT_GATHER_INFO
2016-12-12	Name : The remote Fedora host is missing a security update. File : fedora_2016-a17657197c.nasl - Type : ACT_GATHER_INFO
2016-12-12	Name : The remote Fedora host is missing a security update. File : fedora_2016-4fff0cbc66.nasl - Type : ACT_GATHER_INFO
2016-12-12	Name : The remote Fedora host is missing a security update. File : fedora_2016-4c8140241f.nasl - Type : ACT_GATHER_INFO
2016-12-08	Name : The remote Debian host is missing a security update. File : debian_DLA-735.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...

Source	Url
BID	http://www.securityfocus.com/bid/95161
CONFIRM	https://bugzilla.gnome.org/show_bug.cgi?id=774902 https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
DEBIAN	http://www.debian.org/security/2017/dsa-3819
GENTOO	https://security.gentoo.org/glsa/201705-10
MLIST	http://www.openwall.com/lists/oss-security/2016/12/01/2 http://www.openwall.com/lists/oss-security/2016/12/05/8 https://lists.debian.org/debian-lts-announce/2020/02/msg00032.html
REDHAT	https://access.redhat.com/errata/RHSA-2017:2060

Alert History

If you want to see full details history, please login or register.

Date	Informations
2023-11-07 21:43:27	Multiple Updates
2021-11-30 00:23:12	Multiple Updates
2021-11-26 09:23:12	Multiple Updates
2021-04-22 02:07:10	Multiple Updates
2020-05-23 02:01:55	Multiple Updates
2020-05-23 00:54:02	Multiple Updates
2018-01-05 09:23:59	Multiple Updates
2017-11-04 09:23:46	Multiple Updates
2017-09-12 13:25:00	Multiple Updates
2017-08-26 13:24:55	Multiple Updates
2017-08-23 13:25:04	Multiple Updates
2017-08-04 13:25:03	Multiple Updates
2017-07-01 09:23:47	Multiple Updates
2017-05-19 13:23:16	Multiple Updates
2017-03-29 13:24:22	Multiple Updates
2017-01-31 13:26:20	Multiple Updates
2017-01-27 13:24:50	Multiple Updates
2017-01-25 13:23:33	Multiple Updates
2017-01-24 13:24:52	Multiple Updates
2017-01-21 13:22:46	Multiple Updates
2017-01-19 13:25:05	Multiple Updates
2017-01-18 17:24:13	Multiple Updates
2017-01-18 13:25:47	Multiple Updates
2017-01-18 09:28:28	Multiple Updates
2017-01-13 21:23:41	First insertion

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	15
Sources(s)	10
Nessus® Exploit(s)	22

	Related
7.5	GLSA-201705-10
5	USN-3244-1
5	DSA-3819
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)

4.7 - CVE-2016-9811

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU