Bug 2254588 (CVE-2023-40475, ZDI-CAN-21661) - CVE-2023-40475 gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with AES3 audio
Summary: CVE-2023-40475 gstreamer-plugins-bad: Integer overflow leading to heap overwr...
Keywords:
Status: NEW
Alias: CVE-2023-40475, ZDI-CAN-21661
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2254564
TreeView+ depends on / blocked
 
Reported: 2023-12-14 17:46 UTC by Patrick Del Bello
Modified: 2024-05-22 09:42 UTC (History)
2 users (show)

Fixed In Version: gstreamer-plugins-bad 1.22.6
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:2287 0 None None None 2024-04-30 10:01:20 UTC
Red Hat Product Errata RHSA-2024:3060 0 None None None 2024-05-22 09:42:46 UTC

Description Patrick Del Bello 2023-12-14 17:46:50 UTC 
Heap-based buffer overflow in the MXF file demuxer when handling malformed files with AES3 audio in GStreamer versions before 1.22.6
It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.


https://gstreamer.freedesktop.org/security/sa-2023-0007.html
Comment 6 errata-xmlrpc 2024-04-30 10:01:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2287 https://access.redhat.com/errata/RHSA-2024:2287
Comment 7 errata-xmlrpc 2024-05-22 09:42:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3060 https://access.redhat.com/errata/RHSA-2024:3060
Note You need to log in before you can comment on or make changes to this bug.