36 matches found
MiracleLinux 8 : gstreamer1-plugins-bad-free-1.16.1-4.el8 (AXSA:2024-8316:04)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8316:04 advisory. gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video CVE-2023-40474 gstreamer-plugins-bad:...
Linux Distros Unpatched Vulnerability : CVE-2023-40476
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on...
RLSA-2024:3060 Moderate: gstreamer1-plugins-bad-free security update
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with...
gstreamer1-plugins-bad-free security update
An update is available for gstreamer1-plugins-bad-free. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GStreamer is a streaming media framework based on graphs ...
Rocky Linux 8 : gstreamer1-plugins-bad-free (RLSA-2024:3060)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3060 advisory. gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video CVE-2023-40474 gstreamer-plugins-bad:...
Oracle Linux 8 : gstreamer1-plugins-bad-free (ELSA-2024-3060)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3060 advisory. - Patch CVE-2023-40474: Integer overflow - Patch CVE-2023-40475: Integer overflow - Patch CVE-2023-40476: Integer overflow in H.265 video parser Tenabl...
ALSA-2024:3060 Moderate: gstreamer1-plugins-bad-free security update
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with...
Rocky Linux 9 : gstreamer1-plugins-bad-free (RLSA-2024:2287)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2287 advisory. - GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code ...
RHEL 7 : gstreamer-plugins-bad (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with AES3 audio...
gstreamer1-plugins-bad-free security update
An update is available for gstreamer1-plugins-bad-free. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GStreamer is a streaming media framework based on graphs ...
Oracle Linux 9 : gstreamer1-plugins-bad-free (ELSA-2024-2287)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2287 advisory. - CVE-2023-40474: Integer overflow leading to heap overwrite in MXF - CVE-2023-40475: Integer overflow leading to heap overwrite in MXF - CVE-2023-4047...
CVE-2023-40476 GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...
CVE-2023-40476
CVE-2023-40476 affects GStreamer and its gst-plugins-bad1.0, with a stack-based buffer overflow in the H.265 video parser due to insufficient validation of user data length. This can allow a remote attacker to execute code in the context of the affected process. Exploitation details are not fully...
ALSA-2024:2287 Moderate: gstreamer1-plugins-bad-free security update
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with...
openSUSE: Security Advisory for gstreamer (openSUSE-SU-2023:0409-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE 15 Security Update : gstreamer-plugins-bad (openSUSE-SU-2023:0409-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0409-1 advisory. - Integer overflow leading to heap overwrite in MXF file handling with uncompressed video CVE-2023-40474, CVE-2023-40476 Note that Nessus has not...
OPENSUSE-SU-2023:0409-1 Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issues: - CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video bsc1215796. - CVE-2023-40476: Fixed possible overflow using maxsublayersminus1 bsc1215793...
CVE-2023-40476
A stack-based buffer overflow was found in the GStreamer Plugins Bad when handling malformed files with H.265 video streams. This issue requires user interaction with the library and may allow a malicious user to cause an integer overflow before allocating the buffer, triggering a crash or code...
SUSE SLES12: gstreamer-plugins-bad / gstreamer-plugins-bad-devel / etc (SUSE-SU-2023:4597-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4597-1 advisory. - CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video bsc1215796. -...
SUSE SLES15: gstreamer-plugins-bad / gstreamer-plugins-bad-chromaprint / etc (SUSE-SU-2023:4595-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4595-1 advisory. - CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video bsc1215796. -...