Heap-based Buffer Overflow

2023-11-3018:06:48

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

vulnerability

gstreamer

malformed streams

crash

code execution

heap manipulation

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

16.2%

JSON

gst-plugins-bad (gstreamer: AV1 codec parser) is vulnerable to Heap-based Buffer Overflow. The vulnerability is caused due to a failure in handling / processing certain malformed streams. A malicious user can use this flaw to trigger a crash in the application and possibly affect code execution through heap manipulation.

CPENameOperatorVersion
gst-plugins-bad:3.18eq1.22.2-r0
gst-plugins-bad:3.18eq1.22.5-r0
gst-plugins-bad:3.18eq1.22.2-r1
gst-plugins-bad:3.18eq1.22.3-r0
gst-plugins-bad:3.18eq1.22.4-r0
gst-plugins-bad:edgeeq1.20.3-r4
gst-plugins-bad:edgeeq1.18.4-r4
gst-plugins-bad:edgeeq1.22.0-r0
gst-plugins-bad:edgeeq1.20.3-r3
gst-plugins-bad:edgeeq1.18.6-r0

Name	Operator	Version
gst-plugins-bad:3.18	eq	1.22.2-r0
gst-plugins-bad:3.18	eq	1.22.5-r0
gst-plugins-bad:3.18	eq	1.22.2-r1
gst-plugins-bad:3.18	eq	1.22.3-r0
gst-plugins-bad:3.18	eq	1.22.4-r0
gst-plugins-bad:edge	eq	1.20.3-r4
gst-plugins-bad:edge	eq	1.18.4-r4
gst-plugins-bad:edge	eq	1.22.0-r0
gst-plugins-bad:edge	eq	1.20.3-r3
gst-plugins-bad:edge	eq	1.18.6-r0