[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-9635":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T14:55:36.164Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":68,"aliases":78,"duplicate_of":9,"upstream":79,"downstream":80,"duplicates":111,"related":112,"reserved_at":9,"published_at":119,"modified_at":120,"state":121,"summary":122,"references_raw":130,"kevs":190,"epss":191,"epss_history":194,"metrics":440,"affected":449},"CVE-2016-9635","Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-119","Improper Restriction of Operations within the Bounds of a Memory Buffer","The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.","weakness","Stable","Class","High",[20,24,28,32,36,40,44,48,52,56,60,64],{"id":21,"name":22,"techniques":23},"CAPEC-10","Buffer Overflow via Environment Variables",[],{"id":25,"name":26,"techniques":27},"CAPEC-100","Overflow Buffers",[],{"id":29,"name":30,"techniques":31},"CAPEC-123","Buffer Manipulation",[],{"id":33,"name":34,"techniques":35},"CAPEC-14","Client-side Injection-induced Buffer Overflow",[],{"id":37,"name":38,"techniques":39},"CAPEC-24","Filter Failure through Buffer Overflow",[],{"id":41,"name":42,"techniques":43},"CAPEC-42","MIME Conversion",[],{"id":45,"name":46,"techniques":47},"CAPEC-44","Overflow Binary Resource File",[],{"id":49,"name":50,"techniques":51},"CAPEC-45","Buffer Overflow via Symbolic Links",[],{"id":53,"name":54,"techniques":55},"CAPEC-46","Overflow Variables and Tags",[],{"id":57,"name":58,"techniques":59},"CAPEC-47","Buffer Overflow via Parameter Expansion",[],{"id":61,"name":62,"techniques":63},"CAPEC-8","Buffer Overflow in an API Call",[],{"id":65,"name":66,"techniques":67},"CAPEC-9","Buffer Overflow in Local Command-Line Utilities",[],[69],{"_key":70,"name":71,"source":72,"url":73,"maturity":74,"reliability_score":75,"verified":76,"type":9,"platforms":77,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_8A689127FAC69918","Exploit Reference (scarybeastsecurity.blogspot.com)","reference","https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html","unknown",0.2,false,[],[],[],[81,83,85,87,89,91,93,95,97,99,101,103,105,107,109],{"_key":82},"ALPINE-CVE-2016-9635",{"_key":84},"SUSE-SU-2016:3288-1",{"_key":86},"SUSE-SU-2016:3303-1",{"_key":88},"SUSE-SU-2017:0210-1",{"_key":90},"SUSE-SU-2017:0225-1",{"_key":92},"SUSE-SU-2017:0237-1",{"_key":94},"DLA-727-1",{"_key":96},"DSA-3723-1",{"_key":98},"DSA-3724-1",{"_key":100},"MGASA-2016-0424",{"_key":102},"UBUNTU-CVE-2016-9635",{"_key":104},"DEBIAN-CVE-2016-9635",{"_key":106},"RHSA-2016:2975",{"_key":108},"RHSA-2017:0019",{"_key":110},"RHSA-2017:0020",[],[113,114,115,116,117,118],{"_key":84},{"_key":86},{"_key":88},{"_key":90},{"_key":92},{"_key":100},"2017-01-27T22:01:00.000Z","2024-08-06T02:59:03.142Z","Modified",{"cisa_kev":76,"cisa_ransomware":76,"cisa_vendor":9,"epss_severity":123,"epss_score":124,"severity":125,"severity_score":126,"severity_version":127,"severity_source":128,"severity_vector":129,"severity_status":121},"medium",0.19531,"critical",9.8,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[131,139,144,148,152,156,162,168,174,179,184],{"url":132,"sources":133,"tags":135},"http://www.debian.org/security/2016/dsa-3724",[134,128],"cve.org",[136,137,138],"Vendor Advisory","X Refsource DEBIAN","Third Party Advisory",{"url":140,"sources":141,"tags":142},"http://rhn.redhat.com/errata/RHSA-2017-0019.html",[134,128],[136,143],"X Refsource REDHAT",{"url":145,"sources":146,"tags":147},"http://rhn.redhat.com/errata/RHSA-2016-2975.html",[134,128],[136,143,138],{"url":149,"sources":150,"tags":151},"http://www.debian.org/security/2016/dsa-3723",[134,128],[136,137,138],{"url":153,"sources":154,"tags":155},"http://rhn.redhat.com/errata/RHSA-2017-0020.html",[134,128],[136,143],{"url":157,"sources":158,"tags":159},"http://www.securityfocus.com/bid/94499",[134,128],[160,161,138],"VDB Entry","X Refsource BID",{"url":163,"sources":164,"tags":165},"https://gstreamer.freedesktop.org/releases/1.10/#1.10.2",[134,128],[166,167,136],"X Refsource CONFIRM","Release Notes",{"url":169,"sources":170,"tags":171},"http://www.openwall.com/lists/oss-security/2016/11/24/2",[134,128],[172,173,138],"Mailing List","X Refsource MLIST",{"url":175,"sources":176,"tags":177},"https://bugzilla.gnome.org/show_bug.cgi?id=774834",[134,128],[166,178],"Issue Tracking",{"url":180,"sources":181,"tags":182},"https://security.gentoo.org/glsa/201705-10",[134,128],[136,183],"X Refsource GENTOO",{"url":73,"sources":185,"tags":186},[134,128],[187,188,189],"X Refsource MISC","Exploit","Technical Description",[],{"date":192,"score":124,"percentile":193},"2026-06-05",0.9553,[195,199,202,205,208,210,213,215,217,220,223,226,229,232,234,237,240,243,246,249,251,254,257,260,263,265,267,270,273,276,278,280,282,284,287,289,292,295,298,301,303,306,309,312,315,318,320,323,326,329,331,334,337,340,343,346,348,350,352,355,358,361,363,366,368,370,372,374,376,379,382,385,387,389,392,394,398,401,404,407,410,413,416,419,422,425,428,431,434,437],{"date":196,"score":197,"percentile":198},"2025-11-04",0.16094,0.94504,{"date":200,"score":197,"percentile":201},"2025-11-05",0.94503,{"date":203,"score":197,"percentile":204},"2025-11-06",0.94505,{"date":206,"score":197,"percentile":207},"2025-11-07",0.94507,{"date":209,"score":197,"percentile":198},"2025-11-08",{"date":211,"score":197,"percentile":212},"2025-11-09",0.94502,{"date":214,"score":197,"percentile":201},"2025-11-10",{"date":216,"score":197,"percentile":198},"2025-11-11",{"date":218,"score":197,"percentile":219},"2025-11-12",0.94508,{"date":221,"score":197,"percentile":222},"2025-11-13",0.94509,{"date":224,"score":197,"percentile":225},"2025-11-14",0.94511,{"date":227,"score":197,"percentile":228},"2025-11-15",0.94506,{"date":230,"score":197,"percentile":231},"2025-11-16",0.9451,{"date":233,"score":197,"percentile":222},"2025-11-17",{"date":235,"score":197,"percentile":236},"2025-11-18",0.94239,{"date":238,"score":197,"percentile":239},"2025-11-19",0.94243,{"date":241,"score":197,"percentile":242},"2025-11-20",0.94246,{"date":244,"score":197,"percentile":245},"2025-11-21",0.94518,{"date":247,"score":197,"percentile":248},"2025-11-22",0.94516,{"date":250,"score":197,"percentile":245},"2025-11-23",{"date":252,"score":197,"percentile":253},"2025-11-24",0.94521,{"date":255,"score":197,"percentile":256},"2025-11-25",0.94523,{"date":258,"score":197,"percentile":259},"2025-11-26",0.94525,{"date":261,"score":197,"percentile":262},"2025-11-27",0.94528,{"date":264,"score":197,"percentile":259},"2025-11-28",{"date":266,"score":197,"percentile":262},"2025-11-29",{"date":268,"score":197,"percentile":269},"2025-11-30",0.94526,{"date":271,"score":197,"percentile":272},"2025-12-01",0.94572,{"date":274,"score":197,"percentile":275},"2025-12-02",0.94573,{"date":277,"score":197,"percentile":275},"2025-12-03",{"date":279,"score":197,"percentile":256},"2025-12-04",{"date":281,"score":197,"percentile":259},"2025-12-05",{"date":283,"score":197,"percentile":259},"2025-12-06",{"date":285,"score":197,"percentile":286},"2025-12-07",0.94531,{"date":288,"score":197,"percentile":286},"2025-12-08",{"date":290,"score":197,"percentile":291},"2025-12-09",0.94536,{"date":293,"score":197,"percentile":294},"2025-12-10",0.94542,{"date":296,"score":197,"percentile":297},"2025-12-11",0.94545,{"date":299,"score":197,"percentile":300},"2025-12-12",0.94547,{"date":302,"score":197,"percentile":300},"2025-12-13",{"date":304,"score":197,"percentile":305},"2025-12-14",0.94546,{"date":307,"score":197,"percentile":308},"2025-12-15",0.9455,{"date":310,"score":197,"percentile":311},"2025-12-16",0.94553,{"date":313,"score":197,"percentile":314},"2025-12-17",0.94556,{"date":316,"score":197,"percentile":317},"2025-12-18",0.94559,{"date":319,"score":197,"percentile":317},"2025-12-19",{"date":321,"score":197,"percentile":322},"2025-12-20",0.94561,{"date":324,"score":197,"percentile":325},"2025-12-21",0.94562,{"date":327,"score":197,"percentile":328},"2025-12-22",0.94563,{"date":330,"score":197,"percentile":325},"2025-12-23",{"date":332,"score":197,"percentile":333},"2025-12-24",0.94569,{"date":335,"score":197,"percentile":336},"2025-12-25",0.94577,{"date":338,"score":197,"percentile":339},"2025-12-26",0.94576,{"date":341,"score":197,"percentile":342},"2025-12-27",0.94602,{"date":344,"score":197,"percentile":345},"2025-12-28",0.94571,{"date":347,"score":197,"percentile":345},"2025-12-29",{"date":349,"score":197,"percentile":272},"2025-12-30",{"date":351,"score":197,"percentile":336},"2025-12-31",{"date":353,"score":197,"percentile":354},"2026-01-01",0.94621,{"date":356,"score":197,"percentile":357},"2026-01-02",0.94616,{"date":359,"score":197,"percentile":360},"2026-01-03",0.94613,{"date":362,"score":197,"percentile":345},"2026-01-04",{"date":364,"score":197,"percentile":365},"2026-01-05",0.94566,{"date":367,"score":197,"percentile":365},"2026-01-06",{"date":369,"score":197,"percentile":365},"2026-01-07",{"date":371,"score":197,"percentile":272},"2026-01-08",{"date":373,"score":197,"percentile":272},"2026-01-09",{"date":375,"score":197,"percentile":272},"2026-01-10",{"date":377,"score":197,"percentile":378},"2026-01-11",0.9457,{"date":380,"score":197,"percentile":381},"2026-01-12",0.94568,{"date":383,"score":197,"percentile":384},"2026-01-13",0.94567,{"date":386,"score":197,"percentile":272},"2026-01-14",{"date":388,"score":197,"percentile":272},"2026-01-15",{"date":390,"score":197,"percentile":391},"2026-01-16",0.94575,{"date":393,"score":197,"percentile":336},"2026-01-17",{"date":395,"score":396,"percentile":397},"2026-01-18",0.16452,0.94668,{"date":399,"score":396,"percentile":400},"2026-01-19",0.94664,{"date":402,"score":396,"percentile":403},"2026-01-20",0.94669,{"date":405,"score":396,"percentile":406},"2026-01-21",0.9467,{"date":408,"score":396,"percentile":409},"2026-01-22",0.94672,{"date":411,"score":396,"percentile":412},"2026-01-23",0.94679,{"date":414,"score":396,"percentile":415},"2026-01-24",0.94683,{"date":417,"score":396,"percentile":418},"2026-01-25",0.94685,{"date":420,"score":197,"percentile":421},"2026-01-26",0.94593,{"date":423,"score":197,"percentile":424},"2026-01-27",0.94592,{"date":426,"score":197,"percentile":427},"2026-01-28",0.94595,{"date":429,"score":197,"percentile":430},"2026-01-29",0.94597,{"date":432,"score":197,"percentile":433},"2026-01-30",0.94596,{"date":435,"score":197,"percentile":436},"2026-01-31",0.94599,{"date":438,"score":197,"percentile":439},"2026-02-01",0.94638,[441],{"source":128,"cvss_v2_0":442,"cvss_v3_0":447,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":443,"baseSeverity":9,"vectorString":444,"impactScore":445,"exploitabilityScore":446},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":126,"baseSeverity":448,"vectorString":129,"impactScore":126,"exploitabilityScore":446},"CRITICAL",[450,459,468,475,480,485],{"ecosystem":9,"name":451,"vendor":452,"product":453,"cpe_part":454,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":455},"debian linux","debian","debian_linux","o",[456],{"version":457,"is_range":76,"range_type":458,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0","cpe",{"ecosystem":9,"name":460,"vendor":460,"product":460,"cpe_part":461,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":462},"gstreamer","a",[463],{"version":464,"is_range":465,"range_type":458,"version_start":9,"version_start_type":9,"version_end":466,"version_end_type":467,"fixed_in":9},"lte1.10.1",true,"1.10.1","including",{"ecosystem":9,"name":469,"vendor":470,"product":471,"cpe_part":454,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":472},"enterprise linux desktop","redhat","enterprise_linux_desktop",[473],{"version":474,"is_range":76,"range_type":458,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0",{"ecosystem":9,"name":476,"vendor":470,"product":477,"cpe_part":454,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":478},"enterprise linux hpc node","enterprise_linux_hpc_node",[479],{"version":474,"is_range":76,"range_type":458,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":481,"vendor":470,"product":482,"cpe_part":454,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":483},"enterprise linux server","enterprise_linux_server",[484],{"version":474,"is_range":76,"range_type":458,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":486,"vendor":470,"product":487,"cpe_part":454,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":488},"enterprise linux workstation","enterprise_linux_workstation",[489],{"version":474,"is_range":76,"range_type":458,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9}]