25 matches found
Medium: gstreamer-plugins-bad-free
Issue Overview: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0006.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/mergerequests/5362 NOTE: Fixed by:...
gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video
A heap-buffer overflow flaw was found in the MXF file demuxer in the GStreamer Plugins Bad when handling malformed files with an uncompressed video. This issue requires user interaction with the library, and could allow a malicious user to cause an integer overflow before allocating the buffer,...
gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video
A heap-buffer overflow flaw was found in the MXF file demuxer in the GStreamer Plugins Bad when handling malformed files with an uncompressed video. This issue requires user interaction with the library, and could allow a malicious user to cause an integer overflow before allocating the buffer,...
RHEL 9 : gstreamer1-plugins-bad-free (RHSA-2024:2287)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2287 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package...
SUSE SLES12: gstreamer / gstreamer-devel / gstreamer-lang / gstreamer-utils / etc (SUSE-SU-2024:0307-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0307-1 advisory. - CVE-2023-40474: Fixed an integer overflow during MXF file parsing bsc1215796. Tenable has extracted the preceding description block direct...
SUSE SLED15: gstreamer-plugins-bad / gstreamer-plugins-bad-chromaprint / etc (SUSE-SU-2024:0005-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0005-1 advisory. - CVE-2023-44446: Fixed GStreamer MXF File Parsing Use-After-Free bsc1217213. - CVE-2023-40475: Fixed GStreame...
SUSE SLES12: gstreamer / gstreamer-devel / gstreamer-lang / gstreamer-utils / etc (SUSE-SU-2023:4982-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4982-1 advisory. - CVE-2023-40474: Fixed GStreamer MXF File Parsing Integer Overflow bsc1215796. Tenable has extracted the preceding description block direct...
SUSE SLES15: gstreamer / gstreamer-devel / gstreamer-lang / gstreamer-utils / etc (SUSE-SU-2023:4980-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4980-1 advisory. - CVE-2023-40474: Fixed GStreamer MXF File Parsing Integer Overflow bsc1215796. Tenable has extracted the preceding description block direct...
SUSE SLES12: gstreamer-plugins-bad / gstreamer-plugins-bad-devel / etc (SUSE-SU-2023:4972-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4972-1 advisory. - CVE-2023-40475: Fixed GStreamer MXF File Parsing Integer Overflow bsc1215792. Tenable has extracted the preceding description block direct...
SUSE SLES15: gstreamer-plugins-bad / gstreamer-plugins-bad-chromaprint / etc (SUSE-SU-2023:4971-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4971-1 advisory. - CVE-2023-44446: Fixed GStreamer MXF File Parsing Use-After-Free bsc1217213. - CVE-2023-40475: Fixed GStreamer MXF File Parsing...
SUSE SLES15: gstreamer-plugins-bad / gstreamer-plugins-bad-chromaprint / etc (SUSE-SU-2023:4947-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4947-1 advisory. CVE-2023-40475: Fixed GStreamer MXF File Parsing Integer Overflow bsc1215792. Tenable has extracted the preceding description block directly...
CVE-2023-40474
A heap-buffer overflow flaw was found in the MXF file demuxer in the GStreamer Plugins Bad when handling malformed files with an uncompressed video. This issue requires user interaction with the library, and could allow a malicious user to cause an integer overflow before allocating the buffer,...
Heap Buffer Overflow
gst-plugins-bad GStreamer is vulnerable to Heap Buffer Overflow. The vulnerability is caused when handling malformed files with an uncompressed video. This could allow a malicious user to cause an integer overflow before allocating the buffer, triggering a crash or code execution via heap...
SUSE SLES12: gstreamer-plugins-bad / gstreamer-plugins-bad-devel / etc (SUSE-SU-2023:4597-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4597-1 advisory. - CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video bsc1215796. -...
SUSE SLES15: gstreamer-plugins-bad / gstreamer-plugins-bad-chromaprint / etc (SUSE-SU-2023:4594-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4594-1 advisory. - CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video bsc1215796. -...
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : GStreamer Bad Plugins vulnerabilities (USN-6526-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6526-1 advisory. It was discovered that GStreamer Bad Plugins incorrectly handled certain media files. A remote attacker could use this issue ...
SUSE SLES15: gstreamer-plugins-bad / gstreamer-plugins-bad-devel / etc (SUSE-SU-2023:4596-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4596-1 advisory. - CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video bsc1215796. -...
SUSE SLES12: gstreamer-plugins-bad / gstreamer-plugins-bad-devel / etc (SUSE-SU-2023:4368-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4368-1 advisory. - CVE-2023-40474: Fixed a remote code execution issue due to improper parsing of H265 encoded video files bsc1215793. Tenable has extracted...
SUSE SLED15: gstreamer-plugins-bad / gstreamer-plugins-bad-chromaprint / etc (SUSE-SU-2023:4360-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4360-1 advisory. - CVE-2023-40474: Fixed a remote code execution issue due to improper parsing of H265 encoded video files bsc1215793...
SUSE SLES15 Security Update : gstreamer-plugins-bad (SUSE-SU-2023:4361-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4361-1 advisory. - Integer overflow leading to heap overwrite in MXF file handling with uncompressed video CVE-2023-40474 Note that Nessus has not tested for...