Heap-based buffer overflow in the subparse subtitle parser when handling certain SRT subtitle files in GStreamer versions before 1.22.4 / 1.20.7. It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation. https://gstreamer.freedesktop.org/security/sa-2023-0002.html
Upstream Commits: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4895.patch https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/518ecba8f960137715f776dac6c93e4c4e4179d1 https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1d9b360708115d4acc3fd4bf13cde066391ed057
Created gstreamer1-plugins-base tracking bugs for this issue: Affects: fedora-all [bug 2254681] Created mingw-gstreamer1-plugins-base tracking bugs for this issue: Affects: fedora-all [bug 2254682]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2302 https://access.redhat.com/errata/RHSA-2024:2302
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:3088 https://access.redhat.com/errata/RHSA-2024:3088