Heap-based buffer overflow in the PGS blu-ray subtitle decoder when handling certain files in GStreamer versions before 1.22.4 / 1.20.7. It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation. https://gstreamer.freedesktop.org/security/sa-2023-0003.html
Upstream Commits:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4896.patch
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/5f3cf0a7d7ae7ab883d0611e85c06354f1e94907
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/60226124ec367c2549e4bf1e6174dfb8eca5a63d
Created gstreamer1-plugins-bad-free tracking bugs for this issue:
Affects: fedora-all [bug 2254683]

Created mingw-gstreamer1-plugins-bad-free tracking bugs for this issue:
Affects: fedora-all [bug 2254684]
Please note that the dvdspu plugin has been stripped from our source packages due to legal constraints. Therefore, nothing shipped by Red Hat or Fedora should have ever been affected.