Bug 2250249 (CVE-2023-44446, ZDI-CAN-22299) - CVE-2023-44446 gstreamer: MXF demuxer use-after-free vulnerability
Summary: CVE-2023-44446 gstreamer: MXF demuxer use-after-free vulnerability
Keywords:
Status: NEW
Alias: CVE-2023-44446, ZDI-CAN-22299
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2250250
Blocks: 2250251
TreeView+ depends on / blocked
 
Reported: 2023-11-17 10:05 UTC by Mauro Matteo Cascella
Modified: 2024-01-17 17:58 UTC (History)
1 user (show)

Fixed In Version: gstreamer-plugins-bad-free 1.22.7
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free flaw was found in the MXF demuxer in GStreamer when handling certain MXF video files. This issue could allow a malicious third party to trigger a crash in the application and may allow code execution.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:0074 0 None None None 2024-01-08 08:20:31 UTC
Red Hat Product Errata RHBA-2024:0075 0 None None None 2024-01-08 08:17:56 UTC
Red Hat Product Errata RHSA-2023:7791 0 None None None 2023-12-13 16:24:28 UTC
Red Hat Product Errata RHSA-2023:7792 0 None None None 2023-12-13 16:19:21 UTC
Red Hat Product Errata RHSA-2023:7840 0 None None None 2023-12-14 09:14:54 UTC
Red Hat Product Errata RHSA-2023:7841 0 None None None 2023-12-14 09:32:26 UTC
Red Hat Product Errata RHSA-2023:7872 0 None None None 2023-12-18 07:36:57 UTC
Red Hat Product Errata RHSA-2023:7873 0 None None None 2023-12-18 07:38:55 UTC
Red Hat Product Errata RHSA-2023:7874 0 None None None 2023-12-18 07:37:11 UTC
Red Hat Product Errata RHSA-2023:7875 0 None None None 2023-12-18 07:36:37 UTC
Red Hat Product Errata RHSA-2024:0013 0 None None None 2024-01-02 08:23:03 UTC
Red Hat Product Errata RHSA-2024:0279 0 None None None 2024-01-17 17:58:28 UTC

Description Mauro Matteo Cascella 2023-11-17 10:05:40 UTC 
Use-after-free (read) in the MXF demuxer when handling certain files before GStreamer 1.22.7. It is possible for a malicious third party to trigger a crash in the application.

References:
https://gstreamer.freedesktop.org/security/sa-2023-0010.html
https://www.zerodayinitiative.com/advisories/ZDI-CAN-22299

Upstream MR & commit:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5635
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/7dfaa57b6f9b55f17ffe824bd8988bb71ae11353
Comment 1 Mauro Matteo Cascella 2023-11-17 10:05:54 UTC 
Created gstreamer1-plugins-bad-free tracking bugs for this issue:

Affects: fedora-all [bug 2250250]
Comment 4 errata-xmlrpc 2023-12-13 16:19:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2023:7792 https://access.redhat.com/errata/RHSA-2023:7792
Comment 5 errata-xmlrpc 2023-12-13 16:24:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:7791 https://access.redhat.com/errata/RHSA-2023:7791
Comment 6 errata-xmlrpc 2023-12-14 09:14:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2023:7840 https://access.redhat.com/errata/RHSA-2023:7840
Comment 7 errata-xmlrpc 2023-12-14 09:32:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7841 https://access.redhat.com/errata/RHSA-2023:7841
Comment 8 errata-xmlrpc 2023-12-18 07:36:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:7875 https://access.redhat.com/errata/RHSA-2023:7875
Comment 9 errata-xmlrpc 2023-12-18 07:36:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:7872 https://access.redhat.com/errata/RHSA-2023:7872
Comment 10 errata-xmlrpc 2023-12-18 07:37:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:7874 https://access.redhat.com/errata/RHSA-2023:7874
Comment 11 errata-xmlrpc 2023-12-18 07:38:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:7873 https://access.redhat.com/errata/RHSA-2023:7873
Comment 12 errata-xmlrpc 2024-01-02 08:23:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2024:0013 https://access.redhat.com/errata/RHSA-2024:0013
Comment 15 errata-xmlrpc 2024-01-17 17:58:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2024:0279 https://access.redhat.com/errata/RHSA-2024:0279
Note You need to log in before you can comment on or make changes to this bug.