61 matches found
gstreamer1 -- multiple vulnerabilities
The GStreamer project reports multiple security vulnerabilities fixed in the 1.28.3 release: Six security vulnerabilities were addressed, including: Bounds check errors in MXF VANC packet handling. Use-after-free in GStreamer core buffer value deserialization. Out-of-bounds read in MXF demuxer...
USN-8205-1 gst-plugins-bad1.0 vulnerabilities
It was discovered that multiple plugins in GStreamer contained arithmetic overflows. An attacker could possibly use this issue to cause applications using the plugins to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2023-37329, CVE-2023-40474, CVE-2023-40475,...
MiracleLinux 8 : gstreamer1-plugins-bad-free-1.16.1-2.el8_9.ML.1 (AXSA:2024-7357:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7357:01 advisory. gstreamer: MXF demuxer use-after-free vulnerability CVE-2023-44446 Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 7 : gstreamer1-plugins-bad-free-1.10.4-4.el7 (AXSA:2024-7382:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7382:02 advisory. gstreamer: MXF demuxer use-after-free vulnerability CVE-2023-44446 Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 7 : gstreamer-plugins-bad-free-0.10.23-24.el7 (AXSA:2024-7443:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-7443:01 advisory. gstreamer: MXF demuxer use-after-free vulnerability CVE-2023-44446 Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 9 : gstreamer1-plugins-bad-free-1.22.1-2.el9_3 (AXSA:2023-7048:03)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7048:03 advisory. gstreamer: AV1 codec parser heap-based buffer overflow CVE-2023-44429 gstreamer: MXF demuxer use-after-free vulnerability CVE-2023-44446 Tenable has...
TencentOS Server 3: gstreamer1-plugins-bad-free (TSSA-2024:0196)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0196 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2023-44446
GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending...
gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with AES3 audio
A heap buffer overflow flaw was found in the MXF file, demuxer, in the GStreamer Plugins Bad when handling malformed files with AES3 audio. This issue requires user interaction with the library. It may allow a malicious user to cause an integer overflow before allocating the buffer, triggering a...
EulerOS 2.0 SP8 : gstreamer1-plugins-bad-free (EulerOS-SA-2024-1271)
According to the versions of the gstreamer1-plugins-bad-free package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use-after-free flaw was found in the MXF demuxer in GStreamer when handling certain MXF video files. This issue could allo...
EulerOS 2.0 SP8 : gstreamer-plugins-bad-free (EulerOS-SA-2024-1272)
According to the versions of the gstreamer-plugins-bad-free package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use-after-free flaw was found in the MXF demuxer in GStreamer when handling certain MXF video files. This issue could allow...
SUSE SLES15: gstreamer-plugins-bad / gstreamer-plugins-bad-chromaprint / etc (SUSE-SU-2024:0780-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0780-1 advisory. - CVE-2023-44446: Fixed use-after-free remote code execution vulnerability via MXF file bsc1217213. Tenable has extracted the preceding...
SUSE SLES12: gstreamer-plugins-bad / gstreamer-plugins-bad-devel / etc (SUSE-SU-2024:0779-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0779-1 advisory. - CVE-2023-44446: Fixed use-after-free remote code execution vulnerability via MXF file bsc1217213. Tenable has extracted the preceding...
CentOS: Security Advisory for gstreamer-plugins-bad-free (CESA-2024:0279)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
gstreamer1 security update
CentOS Errata and Security Advisory CESA-2024:0013 An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives...
CentOS 7 : gstreamer-plugins-bad-free (RHSA-2024:0279)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0279 advisory. - MXF demuxer use-after-free vulnerability fedora-all CVE-2023-44446 Note that Nessus has not tested for this issue but has instead relied only on the...
gstreamer security update
CentOS Errata and Security Advisory CESA-2024:0279 An update for gstreamer-plugins-bad-free is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives ...
gstreamer-plugins-bad-free security update
0.10.23-24 - Patch CVE-2023-44446: MXF demuxer use-after-free - Disable gtk-doc to fix the build - Resolves: RHEL-16792...
Oracle Linux 7 : gstreamer-plugins-bad-free (ELSA-2024-0279)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0279 advisory. - Patch CVE-2023-44446: MXF demuxer use-after-free Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...
Important: Red Hat Security Advisory: gstreamer-plugins-bad-free security update
An update for gstreamer-plugins-bad-free is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...