Back to bug 1395767
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-11-16 15:56:28 UTC | Depends On | 1395768 | |
| Adam Mariš | 2016-11-16 15:56:36 UTC | Depends On | 1395769 | |
| Adam Mariš | 2016-11-16 15:56:45 UTC | Depends On | 1395770 | |
| Adam Mariš | 2016-11-16 15:56:53 UTC | Depends On | 1395771 | |
| Adam Mariš | 2016-11-16 15:57:02 UTC | Depends On | 1395772 | |
| Adam Mariš | 2016-11-16 15:59:31 UTC | Blocks | 1395773 | |
| Slawomir Czarko | 2016-11-17 11:22:32 UTC | CC | slawomir | |
| Andrej Nemec | 2016-11-21 07:48:28 UTC | CC | zachvatwork | |
| Adam Mariš | 2016-11-21 10:47:39 UTC | Summary | gstreamer: Integer overflow when allocating render buffer in vmnc decoder | CVE-2016-9445 gstreamer: Integer overflow when allocating render buffer in vmnc decoder |
| Alias | CVE-2016-9445 | |||
| Ricardo Arguello | 2016-11-24 21:02:36 UTC | CC | ricardo.arguello | |
| Dhiru Kholia | 2016-11-25 06:15:23 UTC | CC | dkholia | |
| Summary | CVE-2016-9445 gstreamer: Integer overflow when allocating render buffer in vmnc decoder | CVE-2016-9445 gstreamer-plugins-bad-free: Integer overflow when allocating render buffer in vmnc decoder | ||
| Dhiru Kholia | 2016-11-25 06:37:58 UTC | Whiteboard | impact=moderate,public=20161115,reported=20161116,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-190->CWE-122,rhel-5/gstreamer=new,rhel-6/gstreamer=new,rhel-7/gstreamer=new,rhel-7/gstreamer1=new,rhev-m-3/mingw-virt-viewer=new,fedora-all/gstreamer=affected,fedora-all/gstreamer1=affected,fedora-all/mingw-gstreamer=affected,fedora-all/mingw-gstreamer1=affected,epel-7/mingw-gstreamer1=affected | impact=moderate,public=20161115,reported=20161116,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-190->CWE-122,rhel-5/gstreamer=new,rhel-6/gstreamer=new,rhel-6/gstreamer-plugins-bad-free=new,rhel-7/gstreamer-plugins-bad-free=new,rhel-7/gstreamer1-plugins-bad-free=new,rhel-7/gstreamer=new,rhel-7/gstreamer1=new,rhev-m-3/mingw-virt-viewer=new,fedora-all/gstreamer=affected,fedora-all/gstreamer1=affected,fedora-all/mingw-gstreamer=affected,fedora-all/mingw-gstreamer1=affected,epel-7/mingw-gstreamer1=affected |
| Dhiru Kholia | 2016-11-25 06:39:34 UTC | Whiteboard | impact=moderate,public=20161115,reported=20161116,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-190->CWE-122,rhel-5/gstreamer=new,rhel-6/gstreamer=new,rhel-6/gstreamer-plugins-bad-free=new,rhel-7/gstreamer-plugins-bad-free=new,rhel-7/gstreamer1-plugins-bad-free=new,rhel-7/gstreamer=new,rhel-7/gstreamer1=new,rhev-m-3/mingw-virt-viewer=new,fedora-all/gstreamer=affected,fedora-all/gstreamer1=affected,fedora-all/mingw-gstreamer=affected,fedora-all/mingw-gstreamer1=affected,epel-7/mingw-gstreamer1=affected | impact=moderate,public=20161115,reported=20161116,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-190->CWE-122,rhel-5/gstreamer=notaffected,rhel-6/gstreamer=notaffected,rhel-6/gstreamer-plugins-bad-free=wontfix,rhel-7/gstreamer-plugins-bad-free=wontfix,rhel-7/gstreamer1-plugins-bad-free=wontfix,rhel-7/gstreamer=notaffected,rhel-7/gstreamer1=notaffected,rhev-m-3/mingw-virt-viewer=wontfix,fedora-all/gstreamer=affected,fedora-all/gstreamer1=affected,fedora-all/mingw-gstreamer=affected,fedora-all/mingw-gstreamer1=affected,epel-7/mingw-gstreamer1=affected |
| Dhiru Kholia | 2016-11-28 08:38:46 UTC | Status | NEW | CLOSED |
| Resolution | --- | WONTFIX | ||
| Last Closed | 2016-11-28 03:38:46 UTC | |||
| Dhiru Kholia | 2016-11-28 08:44:41 UTC | Whiteboard | impact=moderate,public=20161115,reported=20161116,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-190->CWE-122,rhel-5/gstreamer=notaffected,rhel-6/gstreamer=notaffected,rhel-6/gstreamer-plugins-bad-free=wontfix,rhel-7/gstreamer-plugins-bad-free=wontfix,rhel-7/gstreamer1-plugins-bad-free=wontfix,rhel-7/gstreamer=notaffected,rhel-7/gstreamer1=notaffected,rhev-m-3/mingw-virt-viewer=wontfix,fedora-all/gstreamer=affected,fedora-all/gstreamer1=affected,fedora-all/mingw-gstreamer=affected,fedora-all/mingw-gstreamer1=affected,epel-7/mingw-gstreamer1=affected | impact=moderate,public=20161115,reported=20161116,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-190->CWE-122,rhel-5/gstreamer=notaffected,rhel-6/gstreamer=notaffected,rhel-6/gstreamer-plugins-bad-free=wontfix,rhel-7/gstreamer-plugins-bad-free=wontfix,rhel-7/gstreamer1-plugins-bad-free=wontfix,rhel-7/gstreamer=notaffected,rhel-7/gstreamer1=notaffected,rhev-m-3/mingw-virt-viewer=wontfix,fedora-all/gstreamer=affected,fedora-all/gstreamer1-plugins-bad-free=affected,fedora-all/gstreamer1=affected,fedora-all/mingw-gstreamer=affected,fedora-all/mingw-gstreamer1=affected,epel-7/mingw-gstreamer1=affected |
| Dhiru Kholia | 2016-11-28 08:46:20 UTC | Depends On | 1399070 | |
| Dhiru Kholia | 2016-12-01 09:50:48 UTC | Whiteboard | impact=moderate,public=20161115,reported=20161116,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-190->CWE-122,rhel-5/gstreamer=notaffected,rhel-6/gstreamer=notaffected,rhel-6/gstreamer-plugins-bad-free=wontfix,rhel-7/gstreamer-plugins-bad-free=wontfix,rhel-7/gstreamer1-plugins-bad-free=wontfix,rhel-7/gstreamer=notaffected,rhel-7/gstreamer1=notaffected,rhev-m-3/mingw-virt-viewer=wontfix,fedora-all/gstreamer=affected,fedora-all/gstreamer1-plugins-bad-free=affected,fedora-all/gstreamer1=affected,fedora-all/mingw-gstreamer=affected,fedora-all/mingw-gstreamer1=affected,epel-7/mingw-gstreamer1=affected | impact=moderate,public=20161115,reported=20161116,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-190->CWE-122,rhel-5/gstreamer=notaffected,rhel-6/gstreamer=notaffected,rhel-6/gstreamer-plugins-bad-free=affected,rhel-7/gstreamer-plugins-bad-free=affected,rhel-7/gstreamer1-plugins-bad-free=affected,rhel-7/gstreamer=notaffected,rhel-7/gstreamer1=notaffected,rhev-m-3/mingw-virt-viewer=wontfix,fedora-all/gstreamer=affected,fedora-all/gstreamer1-plugins-bad-free=affected,fedora-all/gstreamer1=affected,fedora-all/mingw-gstreamer=affected,fedora-all/mingw-gstreamer1=affected,epel-7/mingw-gstreamer1=affected |
| Dhiru Kholia | 2016-12-02 07:29:08 UTC | Whiteboard | impact=moderate,public=20161115,reported=20161116,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-190->CWE-122,rhel-5/gstreamer=notaffected,rhel-6/gstreamer=notaffected,rhel-6/gstreamer-plugins-bad-free=affected,rhel-7/gstreamer-plugins-bad-free=affected,rhel-7/gstreamer1-plugins-bad-free=affected,rhel-7/gstreamer=notaffected,rhel-7/gstreamer1=notaffected,rhev-m-3/mingw-virt-viewer=wontfix,fedora-all/gstreamer=affected,fedora-all/gstreamer1-plugins-bad-free=affected,fedora-all/gstreamer1=affected,fedora-all/mingw-gstreamer=affected,fedora-all/mingw-gstreamer1=affected,epel-7/mingw-gstreamer1=affected | impact=moderate,public=20161115,reported=20161116,source=internet,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-190->CWE-122,rhel-5/gstreamer=notaffected,rhel-6/gstreamer=notaffected,rhel-6/gstreamer-plugins-bad-free=affected,rhel-7/gstreamer-plugins-bad-free=affected,rhel-7/gstreamer1-plugins-bad-free=affected,rhel-7/gstreamer=notaffected,rhel-7/gstreamer1=notaffected,rhev-m-3/mingw-virt-viewer=wontfix,fedora-all/gstreamer=affected,fedora-all/gstreamer1-plugins-bad-free=affected,fedora-all/gstreamer1=affected,fedora-all/mingw-gstreamer=affected,fedora-all/mingw-gstreamer1=affected,epel-7/mingw-gstreamer1=affected |
| Dhiru Kholia | 2016-12-02 07:30:57 UTC | Whiteboard | impact=moderate,public=20161115,reported=20161116,source=internet,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-190->CWE-122,rhel-5/gstreamer=notaffected,rhel-6/gstreamer=notaffected,rhel-6/gstreamer-plugins-bad-free=affected,rhel-7/gstreamer-plugins-bad-free=affected,rhel-7/gstreamer1-plugins-bad-free=affected,rhel-7/gstreamer=notaffected,rhel-7/gstreamer1=notaffected,rhev-m-3/mingw-virt-viewer=wontfix,fedora-all/gstreamer=affected,fedora-all/gstreamer1-plugins-bad-free=affected,fedora-all/gstreamer1=affected,fedora-all/mingw-gstreamer=affected,fedora-all/mingw-gstreamer1=affected,epel-7/mingw-gstreamer1=affected | impact=moderate,public=20161115,reported=20161116,source=internet,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-190->CWE-122,rhel-5/gstreamer=notaffected,rhel-6/gstreamer=notaffected,rhel-6/gstreamer-plugins-bad-free=affected/impact=important,rhel-7/gstreamer-plugins-bad-free=affected,rhel-7/gstreamer1-plugins-bad-free=affected,rhel-7/gstreamer=notaffected,rhel-7/gstreamer1=notaffected,rhev-m-3/mingw-virt-viewer=wontfix,fedora-all/gstreamer=affected,fedora-all/gstreamer1-plugins-bad-free=affected,fedora-all/gstreamer1=affected,fedora-all/mingw-gstreamer=affected,fedora-all/mingw-gstreamer1=affected,epel-7/mingw-gstreamer1=affected |
| Dhiru Kholia | 2016-12-02 07:47:24 UTC | Depends On | 1400820 | |
| Dhiru Kholia | 2016-12-02 07:47:35 UTC | Depends On | 1400821 | |
| Dhiru Kholia | 2016-12-02 08:15:33 UTC | Depends On | 1400838 | |
| Dhiru Kholia | 2016-12-02 08:15:44 UTC | Depends On | 1400839 | |
| Dhiru Kholia | 2016-12-02 09:15:46 UTC | Depends On | 1400897 | |
| Dhiru Kholia | 2016-12-02 09:15:54 UTC | Depends On | 1400898 | |
| Dhiru Kholia | 2016-12-02 09:36:43 UTC | Whiteboard | impact=moderate,public=20161115,reported=20161116,source=internet,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-190->CWE-122,rhel-5/gstreamer=notaffected,rhel-6/gstreamer=notaffected,rhel-6/gstreamer-plugins-bad-free=affected/impact=important,rhel-7/gstreamer-plugins-bad-free=affected,rhel-7/gstreamer1-plugins-bad-free=affected,rhel-7/gstreamer=notaffected,rhel-7/gstreamer1=notaffected,rhev-m-3/mingw-virt-viewer=wontfix,fedora-all/gstreamer=affected,fedora-all/gstreamer1-plugins-bad-free=affected,fedora-all/gstreamer1=affected,fedora-all/mingw-gstreamer=affected,fedora-all/mingw-gstreamer1=affected,epel-7/mingw-gstreamer1=affected | impact=moderate,public=20161115,reported=20161116,source=internet,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-190->CWE-122,rhel-5/gstreamer=notaffected,rhel-6/gstreamer=notaffected,rhel-6/gstreamer-plugins-bad-free=affected/impact=important,rhel-7/gstreamer-plugins-bad-free=affected,rhel-7/gstreamer1-plugins-bad-free=affected,rhel-7/gstreamer=notaffected,rhel-7/gstreamer1=notaffected,rhev-m-3/mingw-virt-viewer=wontfix,fedora-all/gstreamer=affected,fedora-all/gstreamer1-plugins-bad-free=affected,fedora-all/gstreamer1=affected,fedora-all/mingw-gstreamer=affected,fedora-all/mingw-gstreamer1=affected,epel-7/mingw-gstreamer1=affected,fedora-all/gstreamer-plugins-bad-free=affected |
| Dhiru Kholia | 2016-12-02 09:37:24 UTC | Depends On | 1400910 | |
| Dhiru Kholia | 2016-12-05 08:45:42 UTC | Status | CLOSED | NEW |
| Resolution | WONTFIX | --- | ||
| Doc Text | An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GStreamer's VMware VMnc video file format decoding plugin. A remote attacker could potentially exploit this flaw to cause a crash or potentially execute arbitrary code by tricking an application using this plugin into processing specially crafted files. | |||
| Keywords | Reopened | |||
| Dhiru Kholia | 2016-12-05 10:12:08 UTC | Doc Text | An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GStreamer's VMware VMnc video file format decoding plugin. A remote attacker could potentially exploit this flaw to cause a crash or potentially execute arbitrary code by tricking an application using this plugin into processing specially crafted files. | An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GStreamer's VMware VMnc video file format decoding plugin. A remote attacker could use this flaw to cause an application using this plugin to crash or, potentially, execute arbitrary code with the privileges of the user running the application. |
| Dhiru Kholia | 2016-12-05 10:14:57 UTC | Summary | CVE-2016-9445 gstreamer-plugins-bad-free: Integer overflow when allocating render buffer in vmnc decoder | CVE-2016-9445 gstreamer-plugins-bad-free: Integer overflow when allocating render buffer in VMnc decoder |
| Dhiru Kholia | 2016-12-21 08:48:48 UTC | Doc Text | An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GStreamer's VMware VMnc video file format decoding plugin. A remote attacker could use this flaw to cause an application using this plugin to crash or, potentially, execute arbitrary code with the privileges of the user running the application. | An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GStreamer's VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using this plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the application. |
| Dhiru Kholia | 2016-12-21 08:56:55 UTC | Doc Text | An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GStreamer's VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using this plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the application. | An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using this plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the application. |
| Tomas Hoger | 2016-12-21 10:25:40 UTC | Doc Text | An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using this plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the application. | An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. |
| Scott Herold | 2017-09-12 15:27:35 UTC | CC | sherold | |
| PnT Account Manager | 2018-03-29 22:01:55 UTC | CC | dkholia | |
| PnT Account Manager | 2018-07-18 15:06:35 UTC | CC | rbalakri | |
| PnT Account Manager | 2018-11-05 22:48:56 UTC | CC | ylavi | |
| Gil Klein | 2019-04-14 12:51:53 UTC | CC | gklein | |
| Product Security DevOps Team | 2019-06-08 03:02:09 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-11-28 08:38:46 UTC | 2019-06-08 03:02:09 UTC | ||
| Product Security DevOps Team | 2019-09-29 14:00:54 UTC | Whiteboard | impact=moderate,public=20161115,reported=20161116,source=internet,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-190->CWE-122,rhel-5/gstreamer=notaffected,rhel-6/gstreamer=notaffected,rhel-6/gstreamer-plugins-bad-free=affected/impact=important,rhel-7/gstreamer-plugins-bad-free=affected,rhel-7/gstreamer1-plugins-bad-free=affected,rhel-7/gstreamer=notaffected,rhel-7/gstreamer1=notaffected,rhev-m-3/mingw-virt-viewer=wontfix,fedora-all/gstreamer=affected,fedora-all/gstreamer1-plugins-bad-free=affected,fedora-all/gstreamer1=affected,fedora-all/mingw-gstreamer=affected,fedora-all/mingw-gstreamer1=affected,epel-7/mingw-gstreamer1=affected,fedora-all/gstreamer-plugins-bad-free=affected |
Back to bug 1395767