Bug 2250247 (CVE-2023-44429, ZDI-CAN-22226)
Summary: | CVE-2023-44429 gstreamer: AV1 codec parser heap-based buffer overflow | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Mauro Matteo Cascella <mcascell> |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | NEW --- | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | Keywords: | Security |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | gstreamer-plugins-bad-free 1.22.7 | Doc Type: | --- |
Doc Text: | A heap-based buffer overflow vulnerability was found in GStreamer in the AV1 codec parser when handling certain malformed streams. A malicious third party could use this flaw to trigger a crash in the application and possibly affect code execution through heap manipulation. |
Bug Depends On: | 2250248 | ||
Bug Blocks: | 2250251 |
Description
Mauro Matteo Cascella
2023-11-17 09:49:55 UTC
Created gstreamer1-plugins-bad-free tracking bugs for this issue:

Affects: fedora-all [bug 2250248]

Statement:

A malicious third party has the potential to induce a crash in the application and may also impact code execution by manipulating the heap. Additionally, this vulnerability could lead to unauthorized access and compromise the security of the system. Red Hat Enterprise Linux 7 & 8 have gstreamer < 1.17, which does not have the av1 parser yet (does not have the vulnerable code), so RHEL-7 & RHEL-8 are not affected by this CVE.

This issue has been addressed in the following products:

Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2023:7792 https://access.redhat.com/errata/RHSA-2023:7792

This issue has been addressed in the following products:

Red Hat Enterprise Linux 9

Via RHSA-2023:7791 https://access.redhat.com/errata/RHSA-2023:7791

This issue has been addressed in the following products:

Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:7873 https://access.redhat.com/errata/RHSA-2023:7873