Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redosRedosROS-20240806-09
HistoryAug 06, 2024 - 12:00 a.m.

ROS-20240806-09

2024-08-0600:00:00
redos.red-soft.ru
8
gstreamer
framework
vulnerability
stacked buffer overflow
integer overflow
mxf file parser
remote code execution
crafted files
multimedia
arbitrary code

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

Low

JSON

Gstreamer multimedia framework vulnerability is related to stacked buffer overflow. Exploitation
The vulnerability could allow a remote attacker to execute arbitrary code using specially crafted H265 encoded files.
specially crafted H265 encoded files

Gstreamer multimedia framework vulnerability is related to integer overflow. Exploitation
exploitation of the vulnerability could allow a remote attacker to execute arbitrary code using specially crafted MXF files.
specially generated MXF files

Vulnerability in the MXF File Parser component of the Gstreamer multimedia framework is related to integer overflow.
overflow. Exploitation of the vulnerability could allow an attacker acting remotely to execute
arbitrary code by loading a specially generated MFX video file.

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64gstreamer1-plugins-bad-free< 1.16.3-2UNKNOWN

Related

nessus 40
almalinux 2
osv 8
oraclelinux 2
rocky 2
openvas 27
amazon 1
redhat 3
debian 2
rosalinux 1
gentoo 1
photon 3
ubuntu 1
ubuntucve 3
debiancve 3
alpinelinux 3
vulnrichment 3
redhatcve 3
nvd 3
cve 3
veracode 3
zdi 3
cvelist 3
mageia 1
hp 2
nessus
nessus
Debian DLA-3633-1 : gst-plugins-bad1.0 - LTS security update
2023-10-29 00:00:00
Rocky Linux 8 : gstreamer1-plugins-bad-free (RLSA-2024:3060)
2024-06-14 00:00:00
Debian DSA-5533-1 : gst-plugins-bad1.0 - security update
2023-10-25 00:00:00
almalinux
almalinux
Moderate: gstreamer1-plugins-bad-free security update
2024-05-22 00:00:00
Moderate: gstreamer1-plugins-bad-free security update
2024-04-30 00:00:00
osv
osv
gst-plugins-bad1.0 - security update
2023-10-24 00:00:00
Moderate: gstreamer1-plugins-bad-free security update
2024-05-22 00:00:00
gst-plugins-bad1.0 - security update
2023-10-28 00:00:00
oraclelinux
oraclelinux
gstreamer1-plugins-bad-free security update
2024-05-23 00:00:00
gstreamer1-plugins-bad-free security update
2024-05-02 00:00:00
rocky
rocky
gstreamer1-plugins-bad-free security update
2024-06-14 13:59:30
gstreamer1-plugins-bad-free security update
2024-05-10 14:32:38
openvas
openvas
Debian: Security Advisory (DSA-5533-1)
2023-10-25 00:00:00
Debian: Security Advisory (DLA-3633-1)
2023-10-30 00:00:00
openSUSE: Security Advisory for gstreamer (SUSE-SU-2023:4594-1)
2024-03-04 00:00:00
amazon
amazon
Important: gstreamer1-plugins-bad-free
2023-10-12 15:09:00
redhat
redhat
(RHSA-2024:3060) Moderate: gstreamer1-plugins-bad-free security update
2024-05-22 06:35:29
(RHSA-2024:2287) Moderate: gstreamer1-plugins-bad-free security update
2024-04-30 06:15:16
(RHSA-2024:4484) Important: OpenShift Container Platform 4.13.45 bug fix and security update
2024-07-17 01:29:32
debian
debian
[SECURITY] [DLA 3633-1] gst-plugins-bad1.0 security update
2023-10-28 12:08:28
[SECURITY] [DSA 5533-1] gst-plugins-bad1.0 security update
2023-10-24 20:58:56
rosalinux
rosalinux
Advisory ROSA-SA-2024-2357
2024-02-20 10:26:09
gentoo
gentoo
GStreamer, GStreamer Plugins: Multiple Vulnerabilities
2024-06-28 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0145
2023-11-17 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0167
2023-12-12 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0513
2023-11-16 00:00:00
ubuntu
ubuntu
GStreamer Bad Plugins vulnerabilities
2023-11-29 00:00:00
ubuntucve
ubuntucve
CVE-2023-40475
2023-09-28 00:00:00
CVE-2023-40474
2023-09-28 00:00:00
CVE-2023-40476
2023-09-28 00:00:00
debiancve
debiancve
CVE-2023-40475
2024-05-03 03:15:20
CVE-2023-40474
2024-05-03 03:15:19
CVE-2023-40476
2024-05-03 03:15:20
alpinelinux
alpinelinux
CVE-2023-40475
2024-05-03 03:15:20
CVE-2023-40474
2024-05-03 03:15:19
CVE-2023-40476
2024-05-03 03:15:20
vulnrichment
vulnrichment
CVE-2023-40475 GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability
2024-05-03 02:11:11
CVE-2023-40476 GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
2024-05-03 02:11:12
CVE-2023-40474 GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability
2024-05-03 02:11:10
redhatcve
redhatcve
CVE-2023-40475
2023-12-14 18:02:49
CVE-2023-40476
2023-12-14 18:03:03
CVE-2023-40474
2023-12-14 18:02:57
nvd
nvd
CVE-2023-40475
2024-05-03 03:15:20
CVE-2023-40476
2024-05-03 03:15:20
CVE-2023-40474
2024-05-03 03:15:19
cve
cve
CVE-2023-40474
2024-05-03 03:15:19
CVE-2023-40475
2024-05-03 03:15:20
CVE-2023-40476
2024-05-03 03:15:20
veracode
veracode
Heap Buffer Overflow
2023-11-30 16:32:09
Integer Overflow
2023-11-30 16:32:06
Integer Overflow
2023-11-30 16:32:02
zdi
zdi
GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability
2023-09-27 00:00:00
GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability
2023-09-27 00:00:00
GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
2023-09-27 00:00:00
cvelist
cvelist
CVE-2023-40475 GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability
2024-05-03 02:11:11
CVE-2023-40474 GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability
2024-05-03 02:11:10
CVE-2023-40476 GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
2024-05-03 02:11:12
mageia
mageia
Updated gstreamer packages fix many security vulnerabilities
2023-12-22 14:04:51
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00
HP ThinPro 8.0 SP 8 Security Updates
2024-03-01 00:00:00

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

Low

JSON
Related for ROS-20240806-09
nessus40almalinux2osv8oraclelinux2rocky2openvas27amazon1redhat3debian2rosalinux1gentoo1photon3ubuntu1ubuntucve3debiancve3alpinelinux3vulnrichment3redhatcve3nvd3cve3veracode3zdi3cvelist3mageia1hp2