2254589 – (CVE-2023-40476, ZDI-CAN-21768) CVE-2023-40476 gstreamer-plugins-bad: Integer overflow in H.265 video parser leading to stack overwrite

Bug 2254589 (CVE-2023-40476, ZDI-CAN-21768) - CVE-2023-40476 gstreamer-plugins-bad: Integer overflow in H.265 video parser leading to stack overwrite

Summary: CVE-2023-40476 gstreamer-plugins-bad: Integer overflow in H.265 video parser ...

Keywords:
Status:	NEW
Alias:	CVE-2023-40476, ZDI-CAN-21768
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2254564
TreeView+	depends on / blocked

Reported:	2023-12-14 17:46 UTC by Patrick Del Bello
Modified:	2024-04-30 10:01 UTC (History)
CC List:	1 user (show)
Fixed In Version:	gstreamer-plugins-bad 1.22.6
Doc Type:	If docs needed, set a value
Doc Text:	A stack-based buffer overflow was found in the GStreamer Plugins Bad when handling malformed files with H.265 video streams. This issue requires user interaction with the library and may allow a malicious user to cause an integer overflow before allocating the buffer, triggering a crash or code execution via heap manipulation, executing code in the context of the current process.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2024:2287	0	None	None	None	2024-04-30 10:01:21 UTC

Description Patrick Del Bello 2023-12-14 17:46:55 UTC

Stack-based buffer overflow in the H.265 video parser when handling malformed H.265 video streams in GStreamer versions before 1.22.6
It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through stack manipulation.


https://gstreamer.freedesktop.org/security/sa-2023-0008.html

Comment 3 errata-xmlrpc 2024-04-30 10:01:20 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2287 https://access.redhat.com/errata/RHSA-2024:2287

Note You need to log in before you can comment on or make changes to this bug.