The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.
2017-01-23T21:59:03.063
2025-04-20T01:37:25.860
Deferred
CVSSv3.1: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:P/I:N/A:N
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | gstreamer_project | gstreamer | < 1.11.1 | Yes |
| Operating System | redhat | enterprise_linux_desktop | 7.0 | Yes |
| Operating System | redhat | enterprise_linux_eus | 7.4 | Yes |
| Operating System | redhat | enterprise_linux_eus | 7.5 | Yes |
| Operating System | redhat | enterprise_linux_eus | 7.6 | Yes |
| Operating System | redhat | enterprise_linux_eus | 7.7 | Yes |
| Operating System | redhat | enterprise_linux_server | 7.0 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 7.4 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 7.6 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 7.7 | Yes |
| Operating System | redhat | enterprise_linux_server_tus | 7.6 | Yes |
| Operating System | redhat | enterprise_linux_server_tus | 7.7 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 7.0 | Yes |
| Operating System | fedoraproject | fedora | 35 | Yes |