CVE-2016-9447 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Arbitrary code execution
Description	A heap out-of-bound read/write vulnerability has been discovered in the libgstnsf.so nintendo music files plugin of gst-plugins-bad due to lack of checking the ROM size when mapping into memory. Switching the bank leads to an out-of-bounds read leading to possible arbitrary code execution when combined with the ability to load or bank switch the ROM to a writable memory location.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-125	gstreamer0.10-bad-plugins	0.10.23-20		High	Unknown	FS#52335

References
http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html