CVE-2016-9447 log

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
A heap out-of-bound read/write vulnerability has been discovered in the libgstnsf.so nintendo music files plugin of gst-plugins-bad due to lack of checking the ROM size when mapping into memory. Switching the bank leads to an out-of-bounds read leading to possible arbitrary code execution when combined with the ability to load or bank switch the ROM to a writable memory location.
Group Package Affected Fixed Severity Status Ticket
AVG-125 gstreamer0.10-bad-plugins 0.10.23-20 High Unknown FS#52335
References
http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html