Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:44504
HistoryNov 30, 2023 - 6:06 p.m.

Heap-based Buffer Overflow

2023-11-3018:06:48
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
vulnerability
gstreamer
malformed streams
crash
code execution
heap manipulation

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

16.2%

gst-plugins-bad (gstreamer: AV1 codec parser) is vulnerable to Heap-based Buffer Overflow. The vulnerability is caused due to a failure in handling / processing certain malformed streams. A malicious user can use this flaw to trigger a crash in the application and possibly affect code execution through heap manipulation.

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

16.2%