Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : GStreamer Bad Plugins vulnerabilities (USN-6526-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6526-1 advisory. It was discovered that GStreamer Bad Plugins incorrectly handled certain media files. A remote attacker could use this issue ...

GStreamer Security Vulnerability

GStreamer is a set of frameworks for processing streaming media. A security vulnerability exists in GStreamer versions prior to 1.22.7, which stems from a heap-based buffer overflow vulnerability in the AV1 codec parser when processing certain malformed streams, which can be exploited by an...

GStreamer Security Vulnerability

GStreamer is a set of frameworks for handling streaming media. A security vulnerability exists in GStreamer that stems from a problem with the media framework and its codec and demultiplexer plug-ins, which could result in a denial of service or the execution of arbitrary code if an incorrectly...

Fixed in ClickHouse v23.10.5.20, 2023-11-26​

A heap buffer overflow vulnerability affecting the native interface running by default on port 9000/tcp. An attacker, by triggering a bug in the T64 compression codec, can cause the ClickHouse server process to crash. This vulnerability can be exploited without the need to authenticate...

PT-2023-30321 · Unknown +1 · Clickhouse

Name of the Vulnerable Software and Affected Versions: ClickHouse versions prior to 23.10.2.13-stable ClickHouse versions prior to 23.9.4.11-stable ClickHouse versions prior to 23.8.6.16-lts ClickHouse versions prior to 23.3.16.7-lts Description: A heap buffer overflow issue was discovered in the...

PT-2023-30912 · Unknown +1 · Gorilla Codec +2

Name of the Vulnerable Software and Affected Versions: ClickHouse versions 23.3.18.15, 23.8.8.20, 23.9.6.20, 23.10.5.20 ClickHouse Cloud version 23.9.2.47551 Description: A heap buffer overflow issue was discovered in the ClickHouse server, allowing an attacker to send a specially crafted payload...

PT-2023-30765 · Unknown +1 · Clickhouse

Name of the Vulnerable Software and Affected Versions: ClickHouse affected versions not specified Description: The issue is an integer underflow resulting in a crash due to a stack buffer overflow in the decompression of the FPC codec. It can be triggered and exploited by an unauthenticated...

CVE-2023-47118

A heap buffer overflow vulnerability affecting the native interface running by default on port 9000/tcp. An attacker, by triggering a bug in the T64 compression codec, can cause the ClickHouse server process to crash. This vulnerability can be exploited without the need to authenticate. Fix has...

CVE-2023-48704

A heap buffer overflow vulnerability affecting the native interface running by default on port 9000/tcp. An attacker, by triggering a bug in the Gorilla codec, can cause the ClickHouse server process to crash. This vulnerability can be exploited without the need to authenticate. Fix has been push...

CVE-2023-48298

An integer underflow vulnerability in the FPC compressions codec. An attacker can use it to cause the ClickHouse server process to crash. This vulnerability can be exploited without the need to authenticate. Fix has been pushed to the following open-source versions: v23.10.4.25, v23.9.5.29,...

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.6 security update on RHEL 9

New Red Hat Single Sign-On 7.6.6 packages are now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Fedora 39 : gst-devtools / gstreamer1 / gstreamer1-doc / python-gstreamer1 (2023-1661e0af22)

The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-1661e0af22 advisory. Fixes for GStreamer-SA-2023-0010 ZDI-CAN-22299 and GStreamer-SA-2023-0009 ZDI-CAN-22226 CVE-2023-44429 Tenable has extracted the preceding description block...

Fedora 39 : gstreamer1-plugin-libav / gstreamer1-plugins-bad-free / etc (2023-6a4aea6d13)

The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-6a4aea6d13 advisory. 1.22.7 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for these...

CVE-2023-44429

A heap-based buffer overflow vulnerability was found in GStreamer in the AV1 codec parser when handling certain malformed streams. A malicious third party could use this flaw to trigger a crash in the application and possibly affect code execution through heap manipulation. Mitigation Mitigation...

CVE-2023-44429

GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...

GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of AV1...

kernel: Linux kernel: ALSA HDA denial of service via array overflow

A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA High Definition Audio HDA component. A local user could exploit this vulnerability by providing specially crafted 9.1 surround channel names, leading to an array overflow in the getlineoutpfx function. This can cause a...

Exploit for Out-of-bounds Write in Google Chrome

level 1: craft.c - bad.webp bash exist: docker 813b6b757...

kernel: Linux kernel: ALSA HDA denial of service via array overflow

A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA High Definition Audio HDA component. A local user could exploit this vulnerability by providing specially crafted 9.1 surround channel names, leading to an array overflow in the getlineoutpfx function. This can cause a...

kernel: ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds

A slab-out-of-bounds read vulnerability was found in the Linux kernel's ASoC tx-macro codec driver. The decimator variable was incorrectly sized at 32 bits, causing regcacheflatread to access memory beyond the allocated slab when reading register cache values during the txmacrodigitalmute...