Bug 2254541 (CVE-2023-37329, GStreamer-SA-2023-0003, ZDI-CAN-20994) - CVE-2023-37329 gstreamer-plugins-bad: heap overwrite in PGS subtitle overlay decoder
Keywords:
Status: NEW
Alias: CVE-2023-37329, GStreamer-SA-2023-0003, ZDI-CAN-20994
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2254683 2254684
Blocks: 2254548
Reported: 2023-12-14 12:18 UTC by TEJ RATHI
Modified: 2023-12-19 05:41 UTC

Fixed In Version: gst-plugins-bad 1.22.4, gst-plugins-bad 1.20.7
Doc Text:
A heap-based buffer overflow vulnerability was found in the PGS Blu-ray subtitle decoder within GStreamer when processing specific files. This issue could allow a malicious third party to crash the application and execute code by manipulating the heap.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description TEJ RATHI 2023-12-14 12:18:44 UTC
Heap-based buffer overflow in the PGS blu-ray subtitle decoder when handling certain files in GStreamer versions before 1.22.4 / 1.20.7. It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.

https://gstreamer.freedesktop.org/security/sa-2023-0003.html

Comment 3 Sandipan Roy 2023-12-15 05:45:21 UTC
Created gstreamer1-plugins-bad-free tracking bugs for this issue:

Affects: fedora-all [bug 2254683]


Created mingw-gstreamer1-plugins-bad-free tracking bugs for this issue:

Affects: fedora-all [bug 2254684]

Comment 4 Yaakov Selkowitz 2023-12-15 06:35:36 UTC
Please note that the dvdspu plugin has been stripped from our source packages due to legal constraints.  Therefore, nothing shipped by Red Hat or Fedora should have ever been affected.

