CVE-2016-9446

Publication date 23 January 2017

Last updated 24 July 2024


Ubuntu priority

Cvss 3 Severity Score

7.5 · High

Score breakdown

The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.

Status

Package Ubuntu Release Status
gst-plugins-bad0.10 17.04 zesty Not in release
16.10 yakkety Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty
Fixed 0.10.23-7.2ubuntu1.3
12.04 LTS precise
Fixed 0.10.22.3-2ubuntu2.5
gst-plugins-bad1.0 17.04 zesty
Fixed 1.10.2-1ubuntu1
16.10 yakkety
Fixed 1.8.3-1ubuntu1.1
16.04 LTS xenial
Fixed 1.8.2-1ubuntu0.2
14.04 LTS trusty
Fixed 1.2.4-1~ubuntu1.1
12.04 LTS precise Not in release

Severity score breakdown

Parameter Value
Base score 7.5 · High
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact None
Availability impact None
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N