The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
|
Gstreamer
Subscribe
|
Gstreamer
Subscribe
|
|
Redhat
Subscribe
|
Enterprise Linux
Subscribe
|
Configuration 1 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat Enterprise Linux 6 | |||
| gstreamer-plugins-bad-free-0:0.10.19-5.el6_8 | cpe:/o:redhat:enterprise_linux:6 | RHSA-2016:2974 | 2016-12-21T00:00:00Z |
| Red Hat Enterprise Linux 7 | |||
| gstreamer-plugins-bad-free-0:0.10.23-22.el7_3 | cpe:/o:redhat:enterprise_linux:7 | RHSA-2017:0018 | 2017-01-05T00:00:00Z |
No data.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DLA |
DLA-712-1 | gst-plugins-bad0.10 security update |
 EUVD |
EUVD-2016-10257 | The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Tue, 17 Mar 2026 16:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Gstreamer
Gstreamer gstreamer |
|
| CPEs | cpe:2.3:a:gstreamer_project:gstreamer:0.10.10:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.11:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.12:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.13:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.14:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.15:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.16:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.17:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.18:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.19:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.1:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.20:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.21:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.22:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.23:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.24:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.25:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.26:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.27:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.28:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.29:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.2:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.30:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.31:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.32:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.33:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.34:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.35:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.36:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.3:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.4:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.5:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.6:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.7:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.8:*:*:*:*:*:*:* cpe:2.3:a:gstreamer_project:gstreamer:0.10.9:*:*:*:*:*:*:* |
cpe:2.3:a:gstreamer:gstreamer:0.10.0:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.10:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.11:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.12:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.13:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.14:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.15:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.16:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.17:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.18:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.19:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.1:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.20:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.21:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.22:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.23:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.24:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.25:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.26:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.27:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.28:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.29:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.2:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.30:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.31:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.32:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.33:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.34:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.35:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.36:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.3:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.4:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.5:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.6:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.7:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.8:*:*:*:*:*:*:* cpe:2.3:a:gstreamer:gstreamer:0.10.9:*:*:*:*:*:*:* |
| Vendors & Products |
Gstreamer Project
Gstreamer Project gstreamer |
Gstreamer
Gstreamer gstreamer |
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: microfocus
Published:
Updated: 2024-08-06T02:50:38.384Z
Reserved: 2016-11-18T00:00:00.000Z
Link: CVE-2016-9447
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2017-01-23T21:59:03.127
Modified: 2026-03-17T15:52:33.870
Link: CVE-2016-9447
Redhat
OpenCVE Enrichment
No data.