{"id":"CVE-2016-9447","details":"The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.","modified":"2026-04-01T23:55:36.655411Z","published":"2017-01-23T21:59:03.127Z","related":["MGASA-2018-0012","SUSE-SU-2017:0027-1","SUSE-SU-2017:0028-1"],"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2016/11/18/12"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2016/11/18/13"},{"type":"WEB","url":"http://www.securityfocus.com/bid/94427"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201705-10"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2974.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0018.html"},{"type":"ARTICLE","url":"http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gstreamer/gstreamer","events":[{"introduced":"0"},{"last_affected":"2383bf6dedb7912df06a8c4f03aa9f241a7aff6f"},{"introduced":"0"},{"last_affected":"0601746ccd26a6a93433ef39c8ef1b89cf658f9f"},{"introduced":"0"},{"last_affected":"9645acef9fc342e175c0d4dfd8e3981e47ea38bf"},{"introduced":"0"},{"last_affected":"aa0daff56167676c2419126ff27a1fb3d97976dd"},{"introduced":"0"},{"last_affected":"5ec236326cd7ca960f277ae082da0cfb1a34926f"},{"introduced":"0"},{"last_affected":"95797040eb860ebb8f33b8d92e93f20b60e5215f"},{"introduced":"0"},{"last_affected":"a61610c96861dd11840add94b38e750cf5cf39b7"},{"introduced":"0"},{"last_affected":"4d9db9e2cff925de0a37754eee8c93da9252ced8"},{"introduced":"0"},{"last_affected":"ed7bb93c2ff6c35229687604f6d6ae8c1ff3c4f2"},{"introduced":"0"},{"last_affected":"1f8e0a3b9b942cc15e26c2608d26b59191d35087"},{"introduced":"0"},{"last_affected":"52cef107b14f4271a6ac983daf507c0b4ce00dcc"},{"introduced":"0"},{"last_affected":"355a8d2132d307b27cfdc85d38bd07930960c59c"},{"introduced":"0"},{"last_affected":"eb20ecac9b5d5260f3ac0aeaea80041c2f52655b"},{"introduced":"0"},{"last_affected":"94b4bf7f41860e782a9e4a6306712674cb0de8e2"},{"introduced":"0"},{"last_affected":"3e811faefc7117320695cbf4c0d8b34a448cb10c"},{"introduced":"0"},{"last_affected":"ba5f9d28436e8022ac316cedbfff5efd3993d9a2"},{"introduced":"0"},{"last_affected":"0d0b85cb15e02321d440a041854ad33048a07dc4"},{"introduced":"0"},{"last_affected":"6de8ad8d667c39d7d4a376b292f0f57a0bfa7e60"},{"introduced":"0"},{"last_affected":"8a57d6af1f9bf52fb69909e370c8180c2b2d8e6c"},{"introduced":"0"},{"last_affected":"dc1ae0ffbb1d5f86df2ebda76c07465371ebac60"},{"introduced":"0"},{"last_affected":"e0f0bce8d625d2d684be5840b36107506b6a70f1"},{"introduced":"0"},{"last_affected":"725bc2f11aadf3e0a1740c4fa75b486c5e1f9907"},{"introduced":"0"},{"last_affected":"855093570f8a53205b66eb9fa698d571d224948d"},{"introduced":"0"},{"last_affected":"418885d898d6b540cc7b89729013b7b6b46fe2ea"},{"introduced":"0"},{"last_affected":"ae4c19ee50c4748e48e2ce7b139592a7b712b03d"},{"introduced":"0"},{"last_affected":"b26897dd84ac9b09e7d262989a75984aab0bdc91"},{"introduced":"0"},{"last_affected":"1d2056adc637a14c1060a282abf111c1452e7f9c"},{"introduced":"0"},{"last_affected":"43505244cbcb7fc57f5667cc5276f0d2f296f731"},{"introduced":"0"},{"last_affected":"a4e1b18b65552ee348e578efe12fe2ec38880e12"},{"introduced":"0"},{"last_affected":"a2d88f90dc58725d61d0c10276ce60739fac7867"},{"introduced":"0"},{"last_affected":"673d519898d18c513c3b5eeecd91f5d3091ddf79"},{"introduced":"0"},{"last_affected":"cdabb85f5d742c06856ec9980fb5a0b6dcb8e25b"},{"introduced":"0"},{"last_affected":"c2e0ec6d0bef44827476d96ee9e5ae92dec8be46"},{"introduced":"0"},{"last_affected":"519f35059938263fbeaf02f9f13acbbd633d46d6"},{"introduced":"0"},{"last_affected":"ffc3cece6ce5e7fb069b7d1eb135039e6ac6052f"},{"introduced":"0"},{"last_affected":"04c392fa7d86f348ae9edaabf4c95b8deb64288e"},{"introduced":"0"},{"last_affected":"9faeeb8e45801e6b01d938a6001fff16f03d59b2"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.10.0"},{"introduced":"0"},{"last_affected":"0.10.1"},{"introduced":"0"},{"last_affected":"0.10.2"},{"introduced":"0"},{"last_affected":"0.10.3"},{"introduced":"0"},{"last_affected":"0.10.4"},{"introduced":"0"},{"last_affected":"0.10.5"},{"introduced":"0"},{"last_affected":"0.10.6"},{"introduced":"0"},{"last_affected":"0.10.7"},{"introduced":"0"},{"last_affected":"0.10.8"},{"introduced":"0"},{"last_affected":"0.10.9"},{"introduced":"0"},{"last_affected":"0.10.10"},{"introduced":"0"},{"last_affected":"0.10.11"},{"introduced":"0"},{"last_affected":"0.10.12"},{"introduced":"0"},{"last_affected":"0.10.13"},{"introduced":"0"},{"last_affected":"0.10.14"},{"introduced":"0"},{"last_affected":"0.10.15"},{"introduced":"0"},{"last_affected":"0.10.16"},{"introduced":"0"},{"last_affected":"0.10.17"},{"introduced":"0"},{"last_affected":"0.10.18"},{"introduced":"0"},{"last_affected":"0.10.19"},{"introduced":"0"},{"last_affected":"0.10.20"},{"introduced":"0"},{"last_affected":"0.10.21"},{"introduced":"0"},{"last_affected":"0.10.22"},{"introduced":"0"},{"last_affected":"0.10.23"},{"introduced":"0"},{"last_affected":"0.10.24"},{"introduced":"0"},{"last_affected":"0.10.25"},{"introduced":"0"},{"last_affected":"0.10.26"},{"introduced":"0"},{"last_affected":"0.10.27"},{"introduced":"0"},{"last_affected":"0.10.28"},{"introduced":"0"},{"last_affected":"0.10.29"},{"introduced":"0"},{"last_affected":"0.10.30"},{"introduced":"0"},{"last_affected":"0.10.31"},{"introduced":"0"},{"last_affected":"0.10.32"},{"introduced":"0"},{"last_affected":"0.10.33"},{"introduced":"0"},{"last_affected":"0.10.34"},{"introduced":"0"},{"last_affected":"0.10.35"},{"introduced":"0"},{"last_affected":"0.10.36"}]}}],"versions":["gst-plugins-bad-0.10.0","gst-plugins-bad-0.10.1","gst-plugins-bad-0.10.10","gst-plugins-bad-0.10.11","gst-plugins-bad-0.10.12","gst-plugins-bad-0.10.13","gst-plugins-bad-0.10.14","gst-plugins-bad-0.10.15","gst-plugins-bad-0.10.16","gst-plugins-bad-0.10.17","gst-plugins-bad-0.10.18","gst-plugins-bad-0.10.19","gst-plugins-bad-0.10.2","gst-plugins-bad-0.10.20","gst-plugins-bad-0.10.21","gst-plugins-bad-0.10.22","gst-plugins-bad-0.10.23","gst-plugins-bad-0.10.3","gst-plugins-bad-0.10.4","gst-plugins-bad-0.10.5","gst-plugins-bad-0.10.6","gst-plugins-bad-0.10.7","gst-plugins-bad-0.10.8","gst-plugins-bad-0.10.9","gst-plugins-bad-0.11.1","gst-plugins-bad-0.11.2","gst-plugins-bad-0.11.90","gst-plugins-bad-0.11.91","gst-plugins-bad-0.11.92","gst-plugins-bad-0.11.93","gst-plugins-bad-0.11.94","gst-plugins-bad-0.11.99","gst-plugins-bad-0.9.1","gst-plugins-bad-0.9.2","gst-plugins-bad-0.9.3","gst-plugins-bad-0.9.4","gst-plugins-bad-0.9.5","gst-plugins-bad-0.9.6","gst-plugins-bad-0.9.7","gst-plugins-bad-1.0.0","gst-plugins-bad-1.0.1","gst-plugins-bad-1.0.10","gst-plugins-bad-1.0.2","gst-plugins-bad-1.0.3","gst-plugins-bad-1.0.4","gst-plugins-bad-1.0.5","gst-plugins-bad-1.0.6","gst-plugins-bad-1.0.7","gst-plugins-bad-1.0.8","gst-plugins-bad-1.0.9","gst-plugins-bad-1.1.1","gst-plugins-bad-1.1.2","gst-plugins-bad-1.1.3","gst-plugins-bad-1.1.4","gst-plugins-bad-1.1.90","gst-plugins-bad-1.10.0","gst-plugins-bad-1.10.1","gst-plugins-bad-1.10.2","gst-plugins-bad-1.10.3","gst-plugins-bad-1.10.4","gst-plugins-bad-1.10.5","gst-plugins-bad-1.11.0","gst-plugins-bad-1.11.1","gst-plugins-bad-1.11.2","gst-plugins-bad-1.11.90","gst-plugins-bad-1.11.91","gst-plugins-bad-1.12.0","gst-plugins-bad-1.12.1","gst-plugins-bad-1.12.2","gst-plugins-bad-1.12.3","gst-plugins-bad-1.12.4","gst-plugins-bad-1.12.5","gst-plugins-bad-1.13.1","gst-plugins-bad-1.13.90","gst-plugins-bad-1.13.91","gst-plugins-bad-1.14.0","gst-plugins-bad-1.14.1","gst-plugins-bad-1.14.2","gst-plugins-bad-1.14.3","gst-plugins-bad-1.14.4","gst-plugins-bad-1.14.5","gst-plugins-bad-1.15.1","gst-plugins-bad-1.15.2","gst-plugins-bad-1.15.90","gst-plugins-bad-1.16.0","gst-plugins-bad-1.16.1","gst-plugins-bad-1.16.2","gst-plugins-bad-1.16.3","gst-plugins-bad-1.17.1","gst-plugins-bad-1.17.2","gst-plugins-bad-1.17.90","gst-plugins-bad-1.18.0","gst-plugins-bad-1.18.1","gst-plugins-bad-1.18.2","gst-plugins-bad-1.18.3","gst-plugins-bad-1.18.4","gst-plugins-bad-1.18.5","gst-plugins-bad-1.19.1","gst-plugins-bad-1.19.2","gst-plugins-bad-1.2.0","gst-plugins-bad-1.2.1","gst-plugins-bad-1.2.2","gst-plugins-bad-1.2.3","gst-plugins-bad-1.2.4","gst-plugins-bad-1.3.1","gst-plugins-bad-1.3.2","gst-plugins-bad-1.3.3","gst-plugins-bad-1.3.90","gst-plugins-bad-1.3.91","gst-plugins-bad-1.4.0","gst-plugins-bad-1.4.1","gst-plugins-bad-1.4.2","gst-plugins-bad-1.4.3","gst-plugins-bad-1.4.4","gst-plugins-bad-1.4.5","gst-plugins-bad-1.5.1","gst-plugins-bad-1.5.2","gst-plugins-bad-1.5.90","gst-plugins-bad-1.5.91","gst-plugins-bad-1.6.0","gst-plugins-bad-1.6.1","gst-plugins-bad-1.6.2","gst-plugins-bad-1.6.3","gst-plugins-bad-1.6.4","gst-plugins-bad-1.7.1","gst-plugins-bad-1.7.2","gst-plugins-bad-1.7.90","gst-plugins-bad-1.7.91","gst-plugins-bad-1.8.0","gst-plugins-bad-1.8.1","gst-plugins-bad-1.8.2","gst-plugins-bad-1.8.3","gst-plugins-bad-1.9.1","gst-plugins-bad-1.9.2","gst-plugins-bad-1.9.90","gst-plugins-base-0.10.0","gst-plugins-base-0.10.1","gst-plugins-base-0.10.10","gst-plugins-base-0.10.11","gst-plugins-base-0.10.12","gst-plugins-base-0.10.13","gst-plugins-base-0.10.14","gst-plugins-base-0.10.15","gst-plugins-base-0.10.16","gst-plugins-base-0.10.17","gst-plugins-base-0.10.18","gst-plugins-base-0.10.19","gst-plugins-base-0.10.2","gst-plugins-base-0.10.20","gst-plugins-base-0.10.21","gst-plugins-base-0.10.22","gst-plugins-base-0.10.23","gst-plugins-base-0.10.24","gst-plugins-base-0.10.25","gst-plugins-base-0.10.26","gst-plugins-base-0.10.27","gst-plugins-base-0.10.28","gst-plugins-base-0.10.29","gst-plugins-base-0.10.3","gst-plugins-base-0.10.30","gst-plugins-base-0.10.31","gst-plugins-base-0.10.32","gst-plugins-base-0.10.4","gst-plugins-base-0.10.5","gst-plugins-base-0.10.6","gst-plugins-base-0.10.7","gst-plugins-base-0.10.8","gst-plugins-base-0.10.9","gst-plugins-base-0.9.1","gst-plugins-base-0.9.2","gst-plugins-base-0.9.3","gst-plugins-base-0.9.4","gst-plugins-base-0.9.5","gst-plugins-base-0.9.6","gst-plugins-base-0.9.7","gst-plugins-good-0.10.0","gst-plugins-good-0.10.1","gst-plugins-good-0.10.10","gst-plugins-good-0.10.11","gst-plugins-good-0.10.12","gst-plugins-good-0.10.13","gst-plugins-good-0.10.14","gst-plugins-good-0.10.15","gst-plugins-good-0.10.16","gst-plugins-good-0.10.17","gst-plugins-good-0.10.18","gst-plugins-good-0.10.19","gst-plugins-good-0.10.2","gst-plugins-good-0.10.20","gst-plugins-good-0.10.21","gst-plugins-good-0.10.22","gst-plugins-good-0.10.23","gst-plugins-good-0.10.3","gst-plugins-good-0.10.4","gst-plugins-good-0.10.5","gst-plugins-good-0.10.6","gst-plugins-good-0.10.7","gst-plugins-good-0.10.8","gst-plugins-good-0.10.9","gst-plugins-good-0.9.1","gst-plugins-good-0.9.3","gst-plugins-good-0.9.4","gst-plugins-good-0.9.5","gst-plugins-good-0.9.6","gst-plugins-good-0.9.7","gst-plugins-ugly-0.10.0","gst-plugins-ugly-0.10.1","gst-plugins-ugly-0.10.10","gst-plugins-ugly-0.10.11","gst-plugins-ugly-0.10.12","gst-plugins-ugly-0.10.13","gst-plugins-ugly-0.10.14","gst-plugins-ugly-0.10.15","gst-plugins-ugly-0.10.16","gst-plugins-ugly-0.10.17","gst-plugins-ugly-0.10.18","gst-plugins-ugly-0.10.19","gst-plugins-ugly-0.10.2","gst-plugins-ugly-0.10.3","gst-plugins-ugly-0.10.4","gst-plugins-ugly-0.10.5","gst-plugins-ugly-0.10.6","gst-plugins-ugly-0.10.7","gst-plugins-ugly-0.10.8","gst-plugins-ugly-0.10.9","gst-plugins-ugly-0.11.1","gst-plugins-ugly-0.11.2","gst-plugins-ugly-0.11.90","gst-plugins-ugly-0.11.91","gst-plugins-ugly-0.11.92","gst-plugins-ugly-0.11.93","gst-plugins-ugly-0.11.94","gst-plugins-ugly-0.11.99","gst-plugins-ugly-0.9.1","gst-plugins-ugly-0.9.3","gst-plugins-ugly-0.9.4","gst-plugins-ugly-0.9.5","gst-plugins-ugly-0.9.6","gst-plugins-ugly-0.9.7","gst-plugins-ugly-1.0.0","gst-plugins-ugly-1.0.1","gst-plugins-ugly-1.0.10","gst-plugins-ugly-1.0.2","gst-plugins-ugly-1.0.3","gst-plugins-ugly-1.0.4","gst-plugins-ugly-1.0.5","gst-plugins-ugly-1.0.6","gst-plugins-ugly-1.0.7","gst-plugins-ugly-1.0.8","gst-plugins-ugly-1.0.9","gst-plugins-ugly-1.1.1","gst-plugins-ugly-1.1.2","gst-plugins-ugly-1.1.3","gst-plugins-ugly-1.1.4","gst-plugins-ugly-1.1.90","gst-plugins-ugly-1.10.0","gst-plugins-ugly-1.10.1","gst-plugins-ugly-1.10.2","gst-plugins-ugly-1.10.3","gst-plugins-ugly-1.10.4","gst-plugins-ugly-1.10.5","gst-plugins-ugly-1.11.0","gst-plugins-ugly-1.11.1","gst-plugins-ugly-1.11.2","gst-plugins-ugly-1.11.90","gst-plugins-ugly-1.11.91","gst-plugins-ugly-1.12.0","gst-plugins-ugly-1.12.1","gst-plugins-ugly-1.12.2","gst-plugins-ugly-1.12.3","gst-plugins-ugly-1.12.4","gst-plugins-ugly-1.12.5","gst-plugins-ugly-1.13.1","gst-plugins-ugly-1.13.90","gst-plugins-ugly-1.13.91","gst-plugins-ugly-1.14.0","gst-plugins-ugly-1.14.1","gst-plugins-ugly-1.14.2","gst-plugins-ugly-1.14.3","gst-plugins-ugly-1.14.4","gst-plugins-ugly-1.14.5","gst-plugins-ugly-1.15.1","gst-plugins-ugly-1.15.2","gst-plugins-ugly-1.15.90","gst-plugins-ugly-1.16.0","gst-plugins-ugly-1.16.1","gst-plugins-ugly-1.16.2","gst-plugins-ugly-1.16.3","gst-plugins-ugly-1.17.1","gst-plugins-ugly-1.17.2","gst-plugins-ugly-1.17.90","gst-plugins-ugly-1.18.0","gst-plugins-ugly-1.18.1","gst-plugins-ugly-1.18.2","gst-plugins-ugly-1.18.3","gst-plugins-ugly-1.18.4","gst-plugins-ugly-1.18.5","gst-plugins-ugly-1.19.1","gst-plugins-ugly-1.19.2","gst-plugins-ugly-1.2.0","gst-plugins-ugly-1.2.1","gst-plugins-ugly-1.2.2","gst-plugins-ugly-1.2.3","gst-plugins-ugly-1.2.4","gst-plugins-ugly-1.3.1","gst-plugins-ugly-1.3.2","gst-plugins-ugly-1.3.3","gst-plugins-ugly-1.3.90","gst-plugins-ugly-1.3.91","gst-plugins-ugly-1.4.0","gst-plugins-ugly-1.4.1","gst-plugins-ugly-1.4.2","gst-plugins-ugly-1.4.3","gst-plugins-ugly-1.4.4","gst-plugins-ugly-1.4.5","gst-plugins-ugly-1.5.1","gst-plugins-ugly-1.5.2","gst-plugins-ugly-1.5.90","gst-plugins-ugly-1.5.91","gst-plugins-ugly-1.6.0","gst-plugins-ugly-1.6.1","gst-plugins-ugly-1.6.2","gst-plugins-ugly-1.6.3","gst-plugins-ugly-1.6.4","gst-plugins-ugly-1.7.1","gst-plugins-ugly-1.7.2","gst-plugins-ugly-1.7.90","gst-plugins-ugly-1.7.91","gst-plugins-ugly-1.8.0","gst-plugins-ugly-1.8.1","gst-plugins-ugly-1.8.2","gst-plugins-ugly-1.8.3","gst-plugins-ugly-1.9.1","gst-plugins-ugly-1.9.2","gst-plugins-ugly-1.9.90","gst-python-0.1.0","gst-python-0.10.0","gst-python-0.7.90","gst-python-0.7.91","gst-python-0.7.92","gst-python-0.7.93","gst-python-0.7.94","gst-python-0.8.0","gst-python-0.8.1","gst-python-0.8.2","gst-python-0.8.3","gst-python-0.8.4","gst-python-0.9.3","gst-python-0.9.4","gst-python-0.9.5","gst-python-0.9.6","gst-python-0.9.7","gst-rtsp-server-0.10.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9447.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}