Lucene search

K
centosCentOS ProjectCESA-2024:0013
HistoryFeb 05, 2024 - 7:26 p.m.

gstreamer1 security update

2024-02-0519:26:26
CentOS Project
lists.centos.org
90
gstreamer media framework
mxf demuxer vulnerability
centos cesa-2024:0013

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.0%

CentOS Errata and Security Advisory CESA-2024:0013

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.

Security Fix(es):

  • gstreamer: MXF demuxer use-after-free vulnerability (CVE-2023-44446)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2024-February/099222.html

Affected packages:
gstreamer1-plugins-bad-free
gstreamer1-plugins-bad-free-devel
gstreamer1-plugins-bad-free-gtk

Upstream details at:
https://access.redhat.com/errata/RHSA-2024:0013

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.0%