All the vulnerabilites related to GStreamer - GStreamer
cve-2016-9635
Vulnerability from cvelistv5
Published
2017-01-27 22:01
Modified
2024-08-06 02:59
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2016/dsa-3724 | vendor-advisory, x_refsource_DEBIAN | |
| http://rhn.redhat.com/errata/RHSA-2017-0019.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2016-2975.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2016/dsa-3723 | vendor-advisory, x_refsource_DEBIAN | |
| http://rhn.redhat.com/errata/RHSA-2017-0020.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/94499 | vdb-entry, x_refsource_BID | |
| https://gstreamer.freedesktop.org/releases/1.10/#1.10.2 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/11/24/2 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.gnome.org/show_bug.cgi?id=774834 | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201705-10 | vendor-advisory, x_refsource_GENTOO | |
| https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3724",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3724"
},
{
"name": "RHSA-2017:0019",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0019.html"
},
{
"name": "RHSA-2016:2975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2975.html"
},
{
"name": "DSA-3723",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3723"
},
{
"name": "RHSA-2017:0020",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0020.html"
},
{
"name": "94499",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94499"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "[oss-security] 20161123 Re: CVE Request: gstreamer plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/24/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=774834"
},
{
"name": "GLSA-201705-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a \u0027skip count\u0027 that goes beyond initialized buffer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3724",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3724"
},
{
"name": "RHSA-2017:0019",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0019.html"
},
{
"name": "RHSA-2016:2975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2975.html"
},
{
"name": "DSA-3723",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3723"
},
{
"name": "RHSA-2017:0020",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0020.html"
},
{
"name": "94499",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94499"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "[oss-security] 20161123 Re: CVE Request: gstreamer plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/24/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=774834"
},
{
"name": "GLSA-201705-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a \u0027skip count\u0027 that goes beyond initialized buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3724",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3724"
},
{
"name": "RHSA-2017:0019",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0019.html"
},
{
"name": "RHSA-2016:2975",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2975.html"
},
{
"name": "DSA-3723",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3723"
},
{
"name": "RHSA-2017:0020",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0020.html"
},
{
"name": "94499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94499"
},
{
"name": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2",
"refsource": "CONFIRM",
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "[oss-security] 20161123 Re: CVE Request: gstreamer plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/24/2"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=774834",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=774834"
},
{
"name": "GLSA-201705-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html",
"refsource": "MISC",
"url": "https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9635",
"datePublished": "2017-01-27T22:01:00",
"dateReserved": "2016-11-23T00:00:00",
"dateUpdated": "2024-08-06T02:59:03.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47539
Vulnerability from cvelistv5
Published
2024-12-11 18:53
Modified
2024-12-11 21:41
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 < ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop's expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0007.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47539",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-11T21:41:01.424458Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T21:41:10.528Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 \u003c ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop\u0027s expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T18:53:00.750Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0007.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0007.html"
}
],
"source": {
"advisory": "GHSA-c89v-2mmr-7cr9",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-195: GStreamer has an OOB-write in convert_to_s334_1a"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47539",
"datePublished": "2024-12-11T18:53:00.750Z",
"dateReserved": "2024-09-25T21:46:10.930Z",
"dateUpdated": "2024-12-11T21:41:10.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47835
Vulnerability from cvelistv5
Published
2024-12-11 19:17
Modified
2024-12-11 21:14
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer returned by this call is then passed to g_strdup(). However, if the string line does not contain the character ']', strchr() returns NULL, and a call to g_strdup(start + 1) leads to a null pointer dereference. This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-263_Gstreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8039.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0029.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47835",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-11T21:14:03.373783Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T21:14:10.881Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character \u0027]\u0027 in the string line. The pointer returned by this call is then passed to g_strdup(). However, if the string line does not contain the character \u0027]\u0027, strchr() returns NULL, and a call to g_strdup(start + 1) leads to a null pointer dereference. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T19:17:26.688Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-263_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-263_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8039.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8039.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0029.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0029.html"
}
],
"source": {
"advisory": "GHSA-85h4-wm84-x659",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-263: Gstreamer NULL-pointer dereference in LRC subtitle parser"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47835",
"datePublished": "2024-12-11T19:17:26.688Z",
"dateReserved": "2024-10-03T14:06:12.644Z",
"dateUpdated": "2024-12-11T21:14:10.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47540
Vulnerability from cvelistv5
Published
2024-12-11 18:54
Modified
2024-12-12 14:34
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem->allocator->mem_unmap_full or mem->allocator->mem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0017.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47540",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T14:34:42.237926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T14:34:59.985Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size \u003c 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem-\u003eallocator-\u003emem_unmap_full or mem-\u003eallocator-\u003emem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457: Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T18:54:04.383Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0017.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0017.html"
}
],
"source": {
"advisory": "GHSA-7r72-m3fh-rrfh",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-197: GStreamer uses uninitialized stack memory in Matroska/WebM demuxer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47540",
"datePublished": "2024-12-11T18:54:04.383Z",
"dateReserved": "2024-09-25T21:46:10.930Z",
"dateUpdated": "2024-12-12T14:34:59.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47544
Vulnerability from cvelistv5
Published
2024-12-11 18:57
Modified
2024-12-12 16:37
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. The function qtdemux_parse_sbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-238_Gstreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0011.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47544",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T16:37:30.341361Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T16:37:40.731Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. The function qtdemux_parse_sbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T18:57:31.268Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-238_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-238_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0011.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0011.html"
}
],
"source": {
"advisory": "GHSA-p9cf-r365-qh32",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-238: GStreamer has NULL-pointer dereferences in MP4/MOV demuxer CENC handling"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47544",
"datePublished": "2024-12-11T18:57:31.268Z",
"dateReserved": "2024-09-25T21:46:10.931Z",
"dateUpdated": "2024-12-12T16:37:40.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47615
Vulnerability from cvelistv5
Published
2024-12-11 19:13
Modified
2024-12-12 14:18
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0026.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47615",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T14:18:36.155409Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T14:18:50.580Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad-\u003evorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad-\u003evorbis_mode_sizes array. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T19:13:47.894Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0026.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0026.html"
}
],
"source": {
"advisory": "GHSA-c8rj-v4q3-38cx",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-117: GStreamer has an out-of-bounds write in Ogg demuxer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47615",
"datePublished": "2024-12-11T19:13:47.894Z",
"dateReserved": "2024-09-27T20:37:22.120Z",
"dateUpdated": "2024-12-12T14:18:50.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47541
Vulnerability from cvelistv5
Published
2024-12-11 18:54
Modified
2024-12-12 14:33
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are enclosed in curly brackets ({}). The issue arises when a closing curly bracket "}" appears before an opening curly bracket "{" in the input string. In this case, memmove() incorrectly duplicates a substring. With each successive loop iteration, the size passed to memmove() becomes progressively larger (strlen(end+1)), leading to a write beyond the allocated memory bounds. This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-228_GStreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8036.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0023.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47541",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T14:33:06.587461Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T14:33:13.881Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are enclosed in curly brackets ({}). The issue arises when a closing curly bracket \"}\" appears before an opening curly bracket \"{\" in the input string. In this case, memmove() incorrectly duplicates a substring. With each successive loop iteration, the size passed to memmove() becomes progressively larger (strlen(end+1)), leading to a write beyond the allocated memory bounds. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T18:54:33.099Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-228_GStreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-228_GStreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8036.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8036.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0023.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0023.html"
}
],
"source": {
"advisory": "GHSA-7h7h-6gjp-wqc4",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-228: GStreamer has an out-of-bounds write in SSA subtitle parser"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47541",
"datePublished": "2024-12-11T18:54:33.099Z",
"dateReserved": "2024-09-25T21:46:10.930Z",
"dateUpdated": "2024-12-12T14:33:13.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47601
Vulnerability from cvelistv5
Published
2024-12-11 19:03
Modified
2024-12-12 14:26
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity of the GstBuffer *sub pointer before performing dereferences. As a result, null pointer dereferences may occur. This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-249_Gstreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0020.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47601",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T14:25:58.727068Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T14:26:05.938Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity of the GstBuffer *sub pointer before performing dereferences. As a result, null pointer dereferences may occur. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T19:03:36.650Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-249_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-249_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0020.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0020.html"
}
],
"source": {
"advisory": "GHSA-fgw2-8jw2-ph33",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-249: GStreamer has a NULL-pointer dereference in Matroska/WebM demuxer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47601",
"datePublished": "2024-12-11T19:03:36.650Z",
"dateReserved": "2024-09-27T20:37:22.119Z",
"dateUpdated": "2024-12-12T14:26:05.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9813
Vulnerability from cvelistv5
Published
2017-01-13 16:00
Modified
2024-08-06 02:59
Severity ?
EPSS score ?
Summary
The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3818 | vendor-advisory, x_refsource_DEBIAN | |
| http://rhn.redhat.com/errata/RHSA-2017-0021.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.gnome.org/show_bug.cgi?id=775120 | x_refsource_CONFIRM | |
| https://gstreamer.freedesktop.org/releases/1.10/#1.10.2 | x_refsource_CONFIRM | |
| https://www.exploit-db.com/exploits/42162/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.openwall.com/lists/oss-security/2016/12/05/8 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/95158 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201705-10 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2016/12/01/2 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3818",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3818"
},
{
"name": "RHSA-2017:0021",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=775120"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "42162",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42162/"
},
{
"name": "[oss-security] 20161204 Re: gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/8"
},
{
"name": "95158",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95158"
},
{
"name": "GLSA-201705-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20161201 gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3818",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3818"
},
{
"name": "RHSA-2017:0021",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=775120"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "42162",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42162/"
},
{
"name": "[oss-security] 20161204 Re: gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/8"
},
{
"name": "95158",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95158"
},
{
"name": "GLSA-201705-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20161201 gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3818",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3818"
},
{
"name": "RHSA-2017:0021",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0021.html"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=775120",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=775120"
},
{
"name": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2",
"refsource": "CONFIRM",
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "42162",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42162/"
},
{
"name": "[oss-security] 20161204 Re: gstreamer multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/8"
},
{
"name": "95158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95158"
},
{
"name": "GLSA-201705-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20161201 gstreamer multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9813",
"datePublished": "2017-01-13T16:00:00",
"dateReserved": "2016-12-04T00:00:00",
"dateUpdated": "2024-08-06T02:59:03.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47600
Vulnerability from cvelistv5
Published
2024-12-11 19:03
Modified
2024-12-12 14:27
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0018.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47600",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T14:27:40.940103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T14:27:55.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value-\u003evalue_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T19:03:13.938Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0018.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0018.html"
}
],
"source": {
"advisory": "GHSA-fg6q-9rhh-fmh7",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-248: GStreamer has an OOB-read in format_channel_mask"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47600",
"datePublished": "2024-12-11T19:03:13.938Z",
"dateReserved": "2024-09-27T20:37:22.118Z",
"dateUpdated": "2024-12-12T14:27:55.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47597
Vulnerability from cvelistv5
Published
2024-12-11 19:01
Modified
2024-12-11 21:51
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code snippet shows the call to qt_atom_parser_get_offset_unchecked, which leads to the OOB-read when parsing the provided GHSL-2024-245_crash1.mp4 file. This issue may lead to read up to 8 bytes out-of-bounds. This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-245_Gstreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0012.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47597",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-11T21:50:51.754656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T21:51:28.160Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream-\u003estco buffer. The following code snippet shows the call to qt_atom_parser_get_offset_unchecked, which leads to the OOB-read when parsing the provided GHSL-2024-245_crash1.mp4 file. This issue may lead to read up to 8 bytes out-of-bounds. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T19:01:50.820Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-245_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-245_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0012.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0012.html"
}
],
"source": {
"advisory": "GHSA-22m6-44pv-4cgj",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-245: GStreamer has an OOB-read in qtdemux_parse_samples"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47597",
"datePublished": "2024-12-11T19:01:50.820Z",
"dateReserved": "2024-09-27T20:37:22.118Z",
"dateUpdated": "2024-12-11T21:51:28.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47776
Vulnerability from cvelistv5
Published
2024-12-11 19:16
Modified
2024-12-11 21:06
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch causes the comparison if (size < 4 + ncues * 24) to fail in some cases, allowing the subsequent loop to access beyond the bounds of the data buffer. The root cause of this discrepancy stems from a miscalculation when clipping the chunk size based on upstream data size. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-260_Gstreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0027.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47776",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-11T21:06:46.744890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T21:06:56.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch causes the comparison if (size \u003c 4 + ncues * 24) to fail in some cases, allowing the subsequent loop to access beyond the bounds of the data buffer. The root cause of this discrepancy stems from a miscalculation when clipping the chunk size based on upstream data size. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T19:16:04.573Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-260_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-260_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0027.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0027.html"
}
],
"source": {
"advisory": "GHSA-qw5m-vfj2-xrx9",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-260: GStreamer has a OOB-read in gst_wavparse_cue_chunk"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47776",
"datePublished": "2024-12-11T19:16:04.573Z",
"dateReserved": "2024-09-30T21:28:53.234Z",
"dateUpdated": "2024-12-11T21:06:56.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9811
Vulnerability from cvelistv5
Published
2017-01-13 16:00
Modified
2024-08-06 02:59
Severity ?
EPSS score ?
Summary
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3819 | vendor-advisory, x_refsource_DEBIAN | |
| https://bugzilla.gnome.org/show_bug.cgi?id=774902 | x_refsource_CONFIRM | |
| https://gstreamer.freedesktop.org/releases/1.10/#1.10.2 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95161 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2017:2060 | vendor-advisory, x_refsource_REDHAT | |
| http://www.openwall.com/lists/oss-security/2016/12/05/8 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201705-10 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2016/12/01/2 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2020/02/msg00032.html | mailing-list, x_refsource_MLIST | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM7IXFGHV66KNWGWG6ZBDNKXD2UJL2VQ/ | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3819",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3819"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=774902"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "95161",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95161"
},
{
"name": "RHSA-2017:2060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2060"
},
{
"name": "[oss-security] 20161204 Re: gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/8"
},
{
"name": "GLSA-201705-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20161201 gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/2"
},
{
"name": "[debian-lts-announce] 20200228 [SECURITY] [DLA 2126-1] gst-plugins-base0.10 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00032.html"
},
{
"name": "FEDORA-2021-ed54b1128a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM7IXFGHV66KNWGWG6ZBDNKXD2UJL2VQ/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-26T02:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3819",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3819"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=774902"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "95161",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95161"
},
{
"name": "RHSA-2017:2060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2060"
},
{
"name": "[oss-security] 20161204 Re: gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/8"
},
{
"name": "GLSA-201705-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20161201 gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/2"
},
{
"name": "[debian-lts-announce] 20200228 [SECURITY] [DLA 2126-1] gst-plugins-base0.10 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00032.html"
},
{
"name": "FEDORA-2021-ed54b1128a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM7IXFGHV66KNWGWG6ZBDNKXD2UJL2VQ/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3819",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3819"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=774902",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=774902"
},
{
"name": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2",
"refsource": "CONFIRM",
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "95161",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95161"
},
{
"name": "RHSA-2017:2060",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2060"
},
{
"name": "[oss-security] 20161204 Re: gstreamer multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/8"
},
{
"name": "GLSA-201705-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20161201 gstreamer multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/2"
},
{
"name": "[debian-lts-announce] 20200228 [SECURITY] [DLA 2126-1] gst-plugins-base0.10 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00032.html"
},
{
"name": "FEDORA-2021-ed54b1128a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UM7IXFGHV66KNWGWG6ZBDNKXD2UJL2VQ/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9811",
"datePublished": "2017-01-13T16:00:00",
"dateReserved": "2016-12-04T00:00:00",
"dateUpdated": "2024-08-06T02:59:03.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47542
Vulnerability from cvelistv5
Published
2024-12-11 18:55
Modified
2024-12-12 14:31
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-235_Gstreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8033.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0008.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47542",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T14:30:59.764281Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T14:31:09.320Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work-\u003ehdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T18:55:18.069Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-235_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-235_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8033.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8033.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0008.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0008.html"
}
],
"source": {
"advisory": "GHSA-h236-x498-w7jc",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-235: GStreamer ID3v2 parser out-of-bounds read and NULL-pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47542",
"datePublished": "2024-12-11T18:55:18.069Z",
"dateReserved": "2024-09-25T21:46:10.931Z",
"dateUpdated": "2024-12-12T14:31:09.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47834
Vulnerability from cvelistv5
Published
2024-12-11 19:18
Modified
2024-12-11 21:15
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function, by the call to g_free (track->codec_priv). Finally, the freed memory is accessed in the caps_serialize function through gst_value_serialize_buffer. The freed memory will be accessed in the gst_value_serialize_buffer function. This results in a UAF read vulnerability, as the function tries to process memory that has already been freed. This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-280_Gstreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0030.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47834",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-11T21:15:13.370606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T21:15:31.525Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function, by the call to g_free (track-\u003ecodec_priv). Finally, the freed memory is accessed in the caps_serialize function through gst_value_serialize_buffer. The freed memory will be accessed in the gst_value_serialize_buffer function. This results in a UAF read vulnerability, as the function tries to process memory that has already been freed. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T19:18:04.069Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-280_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-280_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0030.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0030.html"
}
],
"source": {
"advisory": "GHSA-35x4-mx8h-fgm8",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-280: Gstreamer Use-After-Free read in Matroska CodecPrivate"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47834",
"datePublished": "2024-12-11T19:18:04.069Z",
"dateReserved": "2024-10-03T14:06:12.643Z",
"dateUpdated": "2024-12-11T21:15:31.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47598
Vulnerability from cvelistv5
Published
2024-12-11 19:02
Modified
2024-12-11 21:42
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is that the size of the stts buffer isn’t properly checked before reading stts_duration, allowing the program to read 4 bytes beyond the boundaries of stts->data. This vulnerability reads up to 4 bytes past the allocated bounds of the stts array. This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-246_Gstreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0006.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47598",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-11T21:40:02.710613Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T21:42:50.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is that the size of the stts buffer isn\u2019t properly checked before reading stts_duration, allowing the program to read 4 bytes beyond the boundaries of stts-\u003edata. This vulnerability reads up to 4 bytes past the allocated bounds of the stts array. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T19:02:32.029Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-246_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-246_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0006.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0006.html"
}
],
"source": {
"advisory": "GHSA-xgf3-8jmm-49hf",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-246: GStreamer has an OOB-read in qtdemux_merge_sample_table"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47598",
"datePublished": "2024-12-11T19:02:32.029Z",
"dateReserved": "2024-09-27T20:37:22.118Z",
"dateUpdated": "2024-12-11T21:42:50.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-37329
Vulnerability from cvelistv5
Published
2024-05-03 01:58
Modified
2024-08-02 17:09
Severity ?
EPSS score ?
Summary
GStreamer SRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of SRT subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20968.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-902/ | x_research-advisory | |
| https://gstreamer.freedesktop.org/security/sa-2023-0002.html | vendor-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "1.x \u003c 1.22.4, 1.x \u003c 1.20.7, 0.10.x"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T17:15:54.252422Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:32.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:09:34.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-902",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-902/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2023-0002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GStreamer",
"vendor": "GStreamer",
"versions": [
{
"status": "affected",
"version": "1.22.2"
}
]
}
],
"dateAssigned": "2023-06-30T12:37:25.335-05:00",
"datePublic": "2023-07-06T16:48:30.888-05:00",
"descriptions": [
{
"lang": "en",
"value": "GStreamer SRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the parsing of SRT subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20968."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:58:21.545Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-902",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-902/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2023-0002.html"
}
],
"source": {
"lang": "en",
"value": "MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]"
},
"title": "GStreamer SRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-37329",
"datePublished": "2024-05-03T01:58:21.545Z",
"dateReserved": "2023-06-30T17:27:13.599Z",
"dateUpdated": "2024-08-02T17:09:34.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-40475
Vulnerability from cvelistv5
Published
2024-05-03 02:11
Modified
2024-09-18 18:29
Severity ?
EPSS score ?
Summary
GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
. Was ZDI-CAN-21661.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1457/ | x_research-advisory | |
| https://gstreamer.freedesktop.org/security/sa-2023-0007.html | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"lessThan": "1.22.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T15:14:55.160944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T20:38:26.747Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1457",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1457/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2023-0007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GStreamer",
"vendor": "GStreamer",
"versions": [
{
"status": "affected",
"version": "1.22.4 and 8dddb9ad2009705dfc3e50d59d7c56fc7314cfc3"
}
]
}
],
"dateAssigned": "2023-08-14T16:14:46.672-05:00",
"datePublic": "2023-09-27T13:57:02.068-05:00",
"descriptions": [
{
"lang": "en",
"value": "GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-21661."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:29:38.848Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1457",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1457/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2023-0007.html"
}
],
"source": {
"lang": "en",
"value": "MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]"
},
"title": "GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-40475",
"datePublished": "2024-05-03T02:11:11.400Z",
"dateReserved": "2023-08-14T21:06:28.912Z",
"dateUpdated": "2024-09-18T18:29:38.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38104
Vulnerability from cvelistv5
Published
2024-05-03 01:59
Modified
2024-08-02 17:30
Severity ?
EPSS score ?
Summary
GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of MDPR chunks. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21444.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "1.22.3"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T18:20:23.373178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T18:25:43.655Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:13.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1008",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1008/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/uploads/d4a0aa4ec2165f6c418703b9e1459d8b/0002-rmdemux-Check-for-integer-overflow-when-calculation-.patch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GStreamer",
"vendor": "GStreamer",
"versions": [
{
"status": "affected",
"version": "1.22.3"
}
]
}
],
"dateAssigned": "2023-07-12T10:35:24.881-05:00",
"datePublic": "2023-07-27T08:10:27.367-05:00",
"descriptions": [
{
"lang": "en",
"value": "GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the parsing of MDPR chunks. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21444."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:05.115Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1008",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1008/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/uploads/d4a0aa4ec2165f6c418703b9e1459d8b/0002-rmdemux-Check-for-integer-overflow-when-calculation-.patch"
}
],
"source": {
"lang": "en",
"value": "MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]"
},
"title": "GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-38104",
"datePublished": "2024-05-03T01:59:05.115Z",
"dateReserved": "2023-07-12T15:22:20.620Z",
"dateUpdated": "2024-08-02T17:30:13.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9636
Vulnerability from cvelistv5
Published
2017-01-27 22:01
Modified
2024-08-06 02:59
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2016/dsa-3724 | vendor-advisory, x_refsource_DEBIAN | |
| http://rhn.redhat.com/errata/RHSA-2017-0019.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2016-2975.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2016/dsa-3723 | vendor-advisory, x_refsource_DEBIAN | |
| http://rhn.redhat.com/errata/RHSA-2017-0020.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/94499 | vdb-entry, x_refsource_BID | |
| https://gstreamer.freedesktop.org/releases/1.10/#1.10.2 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/11/24/2 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.gnome.org/show_bug.cgi?id=774834 | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201705-10 | vendor-advisory, x_refsource_GENTOO | |
| https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3724",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3724"
},
{
"name": "RHSA-2017:0019",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0019.html"
},
{
"name": "RHSA-2016:2975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2975.html"
},
{
"name": "DSA-3723",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3723"
},
{
"name": "RHSA-2017:0020",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0020.html"
},
{
"name": "94499",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94499"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "[oss-security] 20161123 Re: CVE Request: gstreamer plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/24/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=774834"
},
{
"name": "GLSA-201705-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a \u0027write count\u0027 that goes beyond the initialized buffer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3724",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3724"
},
{
"name": "RHSA-2017:0019",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0019.html"
},
{
"name": "RHSA-2016:2975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2975.html"
},
{
"name": "DSA-3723",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3723"
},
{
"name": "RHSA-2017:0020",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0020.html"
},
{
"name": "94499",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94499"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "[oss-security] 20161123 Re: CVE Request: gstreamer plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/24/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=774834"
},
{
"name": "GLSA-201705-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a \u0027write count\u0027 that goes beyond the initialized buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3724",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3724"
},
{
"name": "RHSA-2017:0019",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0019.html"
},
{
"name": "RHSA-2016:2975",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2975.html"
},
{
"name": "DSA-3723",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3723"
},
{
"name": "RHSA-2017:0020",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0020.html"
},
{
"name": "94499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94499"
},
{
"name": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2",
"refsource": "CONFIRM",
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "[oss-security] 20161123 Re: CVE Request: gstreamer plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/24/2"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=774834",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=774834"
},
{
"name": "GLSA-201705-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html",
"refsource": "MISC",
"url": "https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9636",
"datePublished": "2017-01-27T22:01:00",
"dateReserved": "2016-11-23T00:00:00",
"dateUpdated": "2024-08-06T02:59:03.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-40474
Vulnerability from cvelistv5
Published
2024-05-03 02:11
Modified
2024-09-18 18:29
Severity ?
EPSS score ?
Summary
GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
. Was ZDI-CAN-21660.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1456/ | x_research-advisory | |
| https://gstreamer.freedesktop.org/security/sa-2023-0006.html | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"lessThan": "1.22.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40474",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T17:12:24.638051Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T20:38:12.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1456",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1456/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2023-0006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GStreamer",
"vendor": "GStreamer",
"versions": [
{
"status": "affected",
"version": "1.22.4 and 8dddb9ad2009705dfc3e50d59d7c56fc7314cfc3"
}
]
}
],
"dateAssigned": "2023-08-14T16:14:46.667-05:00",
"datePublic": "2023-09-27T13:56:57.502-05:00",
"descriptions": [
{
"lang": "en",
"value": "GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-21660."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:29:38.132Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1456",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1456/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2023-0006.html"
}
],
"source": {
"lang": "en",
"value": "MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]"
},
"title": "GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-40474",
"datePublished": "2024-05-03T02:11:10.627Z",
"dateReserved": "2023-08-14T21:06:28.912Z",
"dateUpdated": "2024-09-18T18:29:38.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9634
Vulnerability from cvelistv5
Published
2017-01-27 22:01
Modified
2024-08-06 02:59
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2016/dsa-3724 | vendor-advisory, x_refsource_DEBIAN | |
| http://rhn.redhat.com/errata/RHSA-2017-0019.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2016-2975.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2016/dsa-3723 | vendor-advisory, x_refsource_DEBIAN | |
| http://rhn.redhat.com/errata/RHSA-2017-0020.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/94499 | vdb-entry, x_refsource_BID | |
| https://gstreamer.freedesktop.org/releases/1.10/#1.10.2 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/11/24/2 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.gnome.org/show_bug.cgi?id=774834 | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201705-10 | vendor-advisory, x_refsource_GENTOO | |
| https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3724",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3724"
},
{
"name": "RHSA-2017:0019",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0019.html"
},
{
"name": "RHSA-2016:2975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2975.html"
},
{
"name": "DSA-3723",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3723"
},
{
"name": "RHSA-2017:0020",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0020.html"
},
{
"name": "94499",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94499"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "[oss-security] 20161123 Re: CVE Request: gstreamer plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/24/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=774834"
},
{
"name": "GLSA-201705-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3724",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3724"
},
{
"name": "RHSA-2017:0019",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0019.html"
},
{
"name": "RHSA-2016:2975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2975.html"
},
{
"name": "DSA-3723",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3723"
},
{
"name": "RHSA-2017:0020",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0020.html"
},
{
"name": "94499",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94499"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "[oss-security] 20161123 Re: CVE Request: gstreamer plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/24/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=774834"
},
{
"name": "GLSA-201705-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3724",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3724"
},
{
"name": "RHSA-2017:0019",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0019.html"
},
{
"name": "RHSA-2016:2975",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2975.html"
},
{
"name": "DSA-3723",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3723"
},
{
"name": "RHSA-2017:0020",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0020.html"
},
{
"name": "94499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94499"
},
{
"name": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2",
"refsource": "CONFIRM",
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "[oss-security] 20161123 Re: CVE Request: gstreamer plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/24/2"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=774834",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=774834"
},
{
"name": "GLSA-201705-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html",
"refsource": "MISC",
"url": "https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9634",
"datePublished": "2017-01-27T22:01:00",
"dateReserved": "2016-11-23T00:00:00",
"dateUpdated": "2024-08-06T02:59:03.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-37328
Vulnerability from cvelistv5
Published
2024-05-03 01:58
Modified
2024-09-18 18:29
Severity ?
EPSS score ?
Summary
GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of PGS subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
. Was ZDI-CAN-20994.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-901/ | x_research-advisory | |
| https://gstreamer.freedesktop.org/security/sa-2023-0003.html | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"lessThan": "1.22.4",
"status": "affected",
"version": "1.x",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"lessThan": "1.20.7",
"status": "affected",
"version": "1.x",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "0.10.x"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37328",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T18:26:04.497010Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:31.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:09:34.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-901",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-901/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2023-0003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GStreamer",
"vendor": "GStreamer",
"versions": [
{
"status": "affected",
"version": "1.22 and latest commit 6dff93acf69c40271a769aa2fa35efbcc2aeb9b4"
}
]
}
],
"dateAssigned": "2023-06-30T12:37:25.329-05:00",
"datePublic": "2023-07-06T16:48:24.761-05:00",
"descriptions": [
{
"lang": "en",
"value": "GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the parsing of PGS subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-20994."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:29:30.133Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-901",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-901/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2023-0003.html"
}
],
"source": {
"lang": "en",
"value": "MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]"
},
"title": "GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-37328",
"datePublished": "2024-05-03T01:58:20.745Z",
"dateReserved": "2023-06-30T17:27:13.599Z",
"dateUpdated": "2024-09-18T18:29:30.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-44446
Vulnerability from cvelistv5
Published
2024-05-03 02:14
Modified
2024-08-02 20:07
Severity ?
EPSS score ?
Summary
GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of MXF video files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22299.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1647/ | x_research-advisory | |
| https://gstreamer.freedesktop.org/security/sa-2023-0010.html | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"lessThan": "1.22.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44446",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T20:28:49.053275Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T12:36:27.713Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:07:33.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1647",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1647/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2023-0010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GStreamer",
"vendor": "GStreamer",
"versions": [
{
"status": "affected",
"version": "64a58c37acc564285a125f99570787fb678446c9"
}
]
}
],
"dateAssigned": "2023-09-28T13:14:48.353-05:00",
"datePublic": "2023-11-15T11:41:55.113-06:00",
"descriptions": [
{
"lang": "en",
"value": "GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the parsing of MXF video files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22299."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:08.770Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1647",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1647/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2023-0010.html"
}
],
"source": {
"lang": "en",
"value": "MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]"
},
"title": "GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-44446",
"datePublished": "2024-05-03T02:14:08.770Z",
"dateReserved": "2023-09-28T18:02:49.775Z",
"dateUpdated": "2024-08-02T20:07:33.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47543
Vulnerability from cvelistv5
Published
2024-12-11 18:55
Modified
2024-12-12 14:30
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemux_parse_container function within qtdemux.c. In the parent function qtdemux_parse_node, the value of length is not well checked. So, if length is big enough, it causes the pointer end to point beyond the boundaries of buffer. Subsequently, in the qtdemux_parse_container function, the while loop can trigger an OOB-read, accessing memory beyond the bounds of buf. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-236_Gstreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0009.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47543",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T14:29:43.230153Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T14:30:04.325Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemux_parse_container function within qtdemux.c. In the parent function qtdemux_parse_node, the value of length is not well checked. So, if length is big enough, it causes the pointer end to point beyond the boundaries of buffer. Subsequently, in the qtdemux_parse_container function, the while loop can trigger an OOB-read, accessing memory beyond the bounds of buf. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T18:55:50.210Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-236_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-236_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0009.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0009.html"
}
],
"source": {
"advisory": "GHSA-f4cr-4qmv-5fh6",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-236: GStreamer has an OOB-read in qtdemux_parse_container"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47543",
"datePublished": "2024-12-11T18:55:50.210Z",
"dateReserved": "2024-09-25T21:46:10.931Z",
"dateUpdated": "2024-12-12T14:30:04.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9810
Vulnerability from cvelistv5
Published
2017-01-13 16:00
Modified
2024-08-06 02:59
Severity ?
EPSS score ?
Summary
The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/95163 | vdb-entry, x_refsource_BID | |
| https://gstreamer.freedesktop.org/releases/1.10/#1.10.2 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2017:2060 | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.gnome.org/show_bug.cgi?id=774897 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/12/05/8 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201705-10 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2016/12/01/2 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95163",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95163"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "RHSA-2017:2060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2060"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=774897"
},
{
"name": "[oss-security] 20161204 Re: gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/8"
},
{
"name": "GLSA-201705-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20161201 gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "95163",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95163"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "RHSA-2017:2060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2060"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=774897"
},
{
"name": "[oss-security] 20161204 Re: gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/8"
},
{
"name": "GLSA-201705-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20161201 gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95163",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95163"
},
{
"name": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2",
"refsource": "CONFIRM",
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "RHSA-2017:2060",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2060"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=774897",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=774897"
},
{
"name": "[oss-security] 20161204 Re: gstreamer multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/8"
},
{
"name": "GLSA-201705-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20161201 gstreamer multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9810",
"datePublished": "2017-01-13T16:00:00",
"dateReserved": "2016-12-04T00:00:00",
"dateUpdated": "2024-08-06T02:59:03.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9808
Vulnerability from cvelistv5
Published
2017-01-13 16:00
Modified
2024-08-06 02:59
Severity ?
EPSS score ?
Summary
The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.
References
| ▼ | URL | Tags |
|---|---|---|
| https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-incorrect-fix-for-gstreamer.html | x_refsource_MISC | |
| http://rhn.redhat.com/errata/RHSA-2017-0019.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2016-2975.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2017-0020.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/95446 | vdb-entry, x_refsource_BID | |
| https://gstreamer.freedesktop.org/releases/1.10/#1.10.2 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/12/05/8 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201705-10 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2016/12/01/2 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-incorrect-fix-for-gstreamer.html"
},
{
"name": "RHSA-2017:0019",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0019.html"
},
{
"name": "RHSA-2016:2975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2975.html"
},
{
"name": "RHSA-2017:0020",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0020.html"
},
{
"name": "95446",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95446"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "[oss-security] 20161204 Re: gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/8"
},
{
"name": "GLSA-201705-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20161201 gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-incorrect-fix-for-gstreamer.html"
},
{
"name": "RHSA-2017:0019",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0019.html"
},
{
"name": "RHSA-2016:2975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2975.html"
},
{
"name": "RHSA-2017:0020",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0020.html"
},
{
"name": "95446",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95446"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "[oss-security] 20161204 Re: gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/8"
},
{
"name": "GLSA-201705-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20161201 gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-incorrect-fix-for-gstreamer.html",
"refsource": "MISC",
"url": "https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-incorrect-fix-for-gstreamer.html"
},
{
"name": "RHSA-2017:0019",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0019.html"
},
{
"name": "RHSA-2016:2975",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2975.html"
},
{
"name": "RHSA-2017:0020",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0020.html"
},
{
"name": "95446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95446"
},
{
"name": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2",
"refsource": "CONFIRM",
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "[oss-security] 20161204 Re: gstreamer multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/8"
},
{
"name": "GLSA-201705-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20161201 gstreamer multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9808",
"datePublished": "2017-01-13T16:00:00",
"dateReserved": "2016-12-04T00:00:00",
"dateUpdated": "2024-08-06T02:59:03.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47537
Vulnerability from cvelistv5
Published
2024-12-11 18:51
Modified
2024-12-11 19:15
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0005.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47537",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-11T19:15:39.558211Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T19:15:49.449Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream-\u003esamples to accommodate stream-\u003en_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T18:51:56.158Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0005.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0005.html"
}
],
"source": {
"advisory": "GHSA-2939-37w3-9rg9",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-094: GStreamer has an OOB-write in isomp4/qtdemux.c"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47537",
"datePublished": "2024-12-11T18:51:56.158Z",
"dateReserved": "2024-09-25T21:46:10.929Z",
"dateUpdated": "2024-12-11T19:15:49.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-4453
Vulnerability from cvelistv5
Published
2024-05-22 19:18
Modified
2024-08-01 20:40
Severity ?
EPSS score ?
Summary
GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
. Was ZDI-CAN-23896.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4453",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T15:47:50.864899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:53:44.604Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:40:47.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-24-467",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-467/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/tpm/gstreamer/-/commit/e68eccff103ab0e91e6d77a892f57131b33902f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GStreamer",
"vendor": "GStreamer",
"versions": [
{
"status": "affected",
"version": "fc0ef6ede6ceda8c89326b38899d4944a8091f40 and 1.24.0"
}
]
}
],
"dateAssigned": "2024-05-02T18:34:53.502-05:00",
"datePublic": "2024-05-17T18:23:20.302-05:00",
"descriptions": [
{
"lang": "en",
"value": "GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-23896."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-22T19:18:02.927Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-467",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-467/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://gitlab.freedesktop.org/tpm/gstreamer/-/commit/e68eccff103ab0e91e6d77a892f57131b33902f5"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00019.html"
}
],
"source": {
"lang": "en",
"value": "MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]"
},
"title": "GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-4453",
"datePublished": "2024-05-22T19:18:02.927Z",
"dateReserved": "2024-05-02T23:34:53.526Z",
"dateUpdated": "2024-08-01T20:40:47.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47606
Vulnerability from cvelistv5
Published
2024-12-11 19:12
Modified
2024-12-15 23:03
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. The function _sysmem_new_block adds alignment and header size to the (unsigned) size, causing the overflow of the 'slice_size' variable. As a result, only 0x89 bytes are allocated, despite the large input size. When the following memcpy call occurs in gst_buffer_fill, the data from the input file will overwrite the content of the GstMapInfo info structure. Finally, during the call to gst_memory_unmap, the overwritten memory may cause a function pointer hijack, as the mem->allocator->mem_unmap_full function is called with a corrupted pointer. This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0014.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47606",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-11T20:43:34.825705Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T20:44:29.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-12-15T23:03:03.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. The function _sysmem_new_block adds alignment and header size to the (unsigned) size, causing the overflow of the \u0027slice_size\u0027 variable. As a result, only 0x89 bytes are allocated, despite the large input size. When the following memcpy call occurs in gst_buffer_fill, the data from the input file will overwrite the content of the GstMapInfo info structure. Finally, during the call to gst_memory_unmap, the overwritten memory may cause a function pointer hijack, as the mem-\u003eallocator-\u003emem_unmap_full function is called with a corrupted pointer. This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T19:12:40.186Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0014.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0014.html"
}
],
"source": {
"advisory": "GHSA-j7pq-xcp8-8qxx",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-166: GStreamer Integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47606",
"datePublished": "2024-12-11T19:12:40.186Z",
"dateReserved": "2024-09-27T20:37:22.119Z",
"dateUpdated": "2024-12-15T23:03:03.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9809
Vulnerability from cvelistv5
Published
2017-01-13 16:00
Modified
2024-08-06 02:59
Severity ?
EPSS score ?
Summary
Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3818 | vendor-advisory, x_refsource_DEBIAN | |
| http://rhn.redhat.com/errata/RHSA-2017-0021.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/95147 | vdb-entry, x_refsource_BID | |
| https://bugzilla.gnome.org/show_bug.cgi?id=774896 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2017-0018.html | vendor-advisory, x_refsource_REDHAT | |
| https://gstreamer.freedesktop.org/releases/1.10/#1.10.2 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/12/05/8 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201705-10 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2016/12/01/2 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2020/03/msg00038.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3818",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3818"
},
{
"name": "RHSA-2017:0021",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0021.html"
},
{
"name": "95147",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95147"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=774896"
},
{
"name": "RHSA-2017:0018",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0018.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "[oss-security] 20161204 Re: gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/8"
},
{
"name": "GLSA-201705-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20161201 gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/2"
},
{
"name": "[debian-lts-announce] 20200331 [SECURITY] [DLA 2164-1] gst-plugins-bad0.10 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00038.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-31T19:06:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3818",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3818"
},
{
"name": "RHSA-2017:0021",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0021.html"
},
{
"name": "95147",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95147"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=774896"
},
{
"name": "RHSA-2017:0018",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0018.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "[oss-security] 20161204 Re: gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/8"
},
{
"name": "GLSA-201705-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20161201 gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/2"
},
{
"name": "[debian-lts-announce] 20200331 [SECURITY] [DLA 2164-1] gst-plugins-bad0.10 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00038.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3818",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3818"
},
{
"name": "RHSA-2017:0021",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0021.html"
},
{
"name": "95147",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95147"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=774896",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=774896"
},
{
"name": "RHSA-2017:0018",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0018.html"
},
{
"name": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2",
"refsource": "CONFIRM",
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "[oss-security] 20161204 Re: gstreamer multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/8"
},
{
"name": "GLSA-201705-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20161201 gstreamer multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/2"
},
{
"name": "[debian-lts-announce] 20200331 [SECURITY] [DLA 2164-1] gst-plugins-bad0.10 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00038.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9809",
"datePublished": "2017-01-13T16:00:00",
"dateReserved": "2016-12-04T00:00:00",
"dateUpdated": "2024-08-06T02:59:03.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-40476
Vulnerability from cvelistv5
Published
2024-05-03 02:11
Modified
2024-09-18 18:29
Severity ?
EPSS score ?
Summary
GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of H265 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
. Was ZDI-CAN-21768.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1458/ | x_research-advisory | |
| https://gstreamer.freedesktop.org/security/sa-2023-0008.html | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"lessThan": "1.22.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40476",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T19:53:11.069598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-25T17:04:13.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:54.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1458",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1458/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2023-0008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GStreamer",
"vendor": "GStreamer",
"versions": [
{
"status": "affected",
"version": "1.22.4 and 8dddb9ad2009705dfc3e50d59d7c56fc7314cfc3"
}
]
}
],
"dateAssigned": "2023-08-14T16:14:46.677-05:00",
"datePublic": "2023-09-27T13:57:06.438-05:00",
"descriptions": [
{
"lang": "en",
"value": "GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the parsing of H265 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-21768."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:29:39.556Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1458",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1458/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2023-0008.html"
}
],
"source": {
"lang": "en",
"value": "MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]"
},
"title": "GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-40476",
"datePublished": "2024-05-03T02:11:12.156Z",
"dateReserved": "2023-08-14T21:06:28.912Z",
"dateUpdated": "2024-09-18T18:29:39.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-44429
Vulnerability from cvelistv5
Published
2024-05-03 02:13
Modified
2024-08-02 20:07
Severity ?
EPSS score ?
Summary
GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22226.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1648/ | x_research-advisory | |
| https://gstreamer.freedesktop.org/security/sa-2023-0009.html | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "4bda59f88d148a41b412705d4739342123a192d9"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44429",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T16:30:35.828017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:19:26.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:07:33.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1648",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1648/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2023-0009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GStreamer",
"vendor": "GStreamer",
"versions": [
{
"status": "affected",
"version": "4bda59f88d148a41b412705d4739342123a192d9"
}
]
}
],
"dateAssigned": "2023-09-28T13:14:48.251-05:00",
"datePublic": "2023-11-15T11:42:01.867-06:00",
"descriptions": [
{
"lang": "en",
"value": "GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the parsing of AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22226."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:13:56.137Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1648",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1648/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2023-0009.html"
}
],
"source": {
"lang": "en",
"value": "MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]"
},
"title": "GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-44429",
"datePublished": "2024-05-03T02:13:56.137Z",
"dateReserved": "2023-09-28T18:02:49.772Z",
"dateUpdated": "2024-08-02T20:07:33.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-0444
Vulnerability from cvelistv5
Published
2024-06-07 22:49
Modified
2024-08-01 18:04
Severity ?
EPSS score ?
Summary
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of tile list data within AV1-encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22873.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-567/ | x_research-advisory | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f368d63ecd89e01fd2cf0b1c4def5fc782b2c390 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "ea6d602ccacee5f4bdf45b9f58eb0dc5320f3c07"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0444",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T14:25:55.471301Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T14:27:46.596Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-24-567",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-567/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f368d63ecd89e01fd2cf0b1c4def5fc782b2c390"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GStreamer",
"vendor": "GStreamer",
"versions": [
{
"status": "affected",
"version": "ea6d602ccacee5f4bdf45b9f58eb0dc5320f3c07"
}
]
}
],
"dateAssigned": "2024-01-11T14:45:23.164-06:00",
"datePublic": "2024-06-05T10:57:42.180-05:00",
"descriptions": [
{
"lang": "en",
"value": "GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the parsing of tile list data within AV1-encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22873."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T22:49:46.768Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-567",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-567/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f368d63ecd89e01fd2cf0b1c4def5fc782b2c390"
}
],
"source": {
"lang": "en",
"value": "MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]"
},
"title": "GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-0444",
"datePublished": "2024-06-07T22:49:46.768Z",
"dateReserved": "2024-01-11T20:43:36.631Z",
"dateUpdated": "2024-08-01T18:04:49.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47538
Vulnerability from cvelistv5
Published
2024-12-11 18:52
Modified
2024-12-19 21:33
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8035.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0022.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47538",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T14:36:36.299358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T14:36:43.608Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd-\u003evi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T21:33:01.290Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8035.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8035.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0022.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0022.html"
}
],
"source": {
"advisory": "GHSA-c46x-rw9j-gp3c",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-115: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47538",
"datePublished": "2024-12-11T18:52:30.622Z",
"dateReserved": "2024-09-25T21:46:10.929Z",
"dateUpdated": "2024-12-19T21:33:01.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47775
Vulnerability from cvelistv5
Published
2024-12-11 19:15
Modified
2024-12-11 21:06
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multiple GST_READ_UINT32_LE operations without performing boundary checks. This can lead to an OOB-read when buf is smaller than expected. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-261_Gstreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0027.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47775",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-11T21:06:26.150191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T21:06:33.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multiple GST_READ_UINT32_LE operations without performing boundary checks. This can lead to an OOB-read when buf is smaller than expected. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T19:15:44.607Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-261_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-261_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0027.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0027.html"
}
],
"source": {
"advisory": "GHSA-hxxw-2g39-jv2p",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-261: GStreamer has an OOB-read in parse_ds64"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47775",
"datePublished": "2024-12-11T19:15:44.607Z",
"dateReserved": "2024-09-30T21:28:53.234Z",
"dateUpdated": "2024-12-11T21:06:33.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47777
Vulnerability from cvelistv5
Published
2024-12-11 19:16
Modified
2024-12-11 21:07
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is sufficient. If the buffer is too small, the function reads beyond its bounds. This vulnerability may result in reading 4 bytes out of the boundaries of the data buffer. This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-259_Gstreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0027.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47777",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-11T21:07:19.494550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T21:07:34.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is sufficient. If the buffer is too small, the function reads beyond its bounds. This vulnerability may result in reading 4 bytes out of the boundaries of the data buffer. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T19:16:33.169Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-259_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-259_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0027.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0027.html"
}
],
"source": {
"advisory": "GHSA-p29q-wv55-9qfv",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-259: GStreamer has an OOB-read in gst_wavparse_smpl_chunk"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47777",
"datePublished": "2024-12-11T19:16:33.169Z",
"dateReserved": "2024-09-30T21:28:53.235Z",
"dateUpdated": "2024-12-11T21:07:34.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47607
Vulnerability from cvelistv5
Published
2024-12-11 19:13
Modified
2024-12-12 14:22
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows to overwrite the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0024.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47607",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T14:22:43.431699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T14:22:58.305Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c\u0027. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows to overwrite the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T19:13:27.569Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0024.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0024.html"
}
],
"source": {
"advisory": "GHSA-xwp8-xrwj-765c",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-116: Stack-buffer overflow in gst_opus_dec_parse_header"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47607",
"datePublished": "2024-12-11T19:13:27.569Z",
"dateReserved": "2024-09-27T20:37:22.119Z",
"dateUpdated": "2024-12-12T14:22:58.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47778
Vulnerability from cvelistv5
Published
2024-12-11 19:16
Modified
2024-12-11 21:12
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. As a result, an OOB read occurs in the following while loop. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-258_Gstreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0027.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47778",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-11T21:12:16.776786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T21:12:34.879Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. As a result, an OOB read occurs in the following while loop. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T19:16:58.215Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-258_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-258_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0027.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0027.html"
}
],
"source": {
"advisory": "GHSA-g5r2-cgcp-4228",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-258: GStreamer has an OOB-read in gst_wavparse_adtl_chunk"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47778",
"datePublished": "2024-12-11T19:16:58.215Z",
"dateReserved": "2024-09-30T21:28:53.235Z",
"dateUpdated": "2024-12-11T21:12:34.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47599
Vulnerability from cvelistv5
Published
2024-12-11 19:02
Modified
2024-12-11 21:38
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output_state. When this happens, dereferences of the outstate pointer will lead to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-247_Gstreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8040.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0016.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47599",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-11T21:37:52.517866Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T21:38:01.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output_state. When this happens, dereferences of the outstate pointer will lead to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T19:02:52.412Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-247_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-247_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8040.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8040.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0016.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0016.html"
}
],
"source": {
"advisory": "GHSA-p5ff-v9j8-327r",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-247: GStreamer Insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47599",
"datePublished": "2024-12-11T19:02:52.412Z",
"dateReserved": "2024-09-27T20:37:22.118Z",
"dateUpdated": "2024-12-11T21:38:01.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-37327
Vulnerability from cvelistv5
Published
2024-05-03 01:58
Modified
2024-08-02 17:09
Severity ?
EPSS score ?
Summary
GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of FLAC audio files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20775.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-903/ | x_research-advisory | |
| https://gstreamer.freedesktop.org/security/sa-2023-0001.html | vendor-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "1.22.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37327",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T18:28:13.596893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T18:30:39.155Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:09:34.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-903",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-903/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2023-0001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GStreamer",
"vendor": "GStreamer",
"versions": [
{
"status": "affected",
"version": "1.22.1"
}
]
}
],
"dateAssigned": "2023-06-30T12:37:25.322-05:00",
"datePublic": "2023-07-06T16:48:36.790-05:00",
"descriptions": [
{
"lang": "en",
"value": "GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the parsing of FLAC audio files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20775."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:58:19.972Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-903",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-903/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2023-0001.html"
}
],
"source": {
"lang": "en",
"value": "Michael Randrianantenaina"
},
"title": "GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-37327",
"datePublished": "2024-05-03T01:58:19.972Z",
"dateReserved": "2023-06-30T17:27:13.599Z",
"dateUpdated": "2024-08-02T17:09:34.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47546
Vulnerability from cvelistv5
Published
2024-12-11 19:01
Modified
2024-12-13 17:42
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8. When that subtraction underflows, *cclen ends up being a large number, and then cclen is passed to g_memdup2 leading to an out-of-bounds (OOB) read. This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-243_Gstreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0013.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47546",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-13T17:42:31.315152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-13T17:42:41.614Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8. When that subtraction underflows, *cclen ends up being a large number, and then cclen is passed to g_memdup2 leading to an out-of-bounds (OOB) read. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T19:01:05.831Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-243_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-243_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0013.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0013.html"
}
],
"source": {
"advisory": "GHSA-8mrc-f6w6-gpph",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-243: GStreamer has an integer underflow in extract_cc_from_data leading to OOB-read"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47546",
"datePublished": "2024-12-11T19:01:05.831Z",
"dateReserved": "2024-09-25T21:46:10.931Z",
"dateUpdated": "2024-12-13T17:42:41.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47545
Vulnerability from cvelistv5
Published
2024-12-11 18:58
Modified
2024-12-13 17:44
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happens, the subsequent call to gst_buffer_fill will invoke memcpy with a large tocopy size, resulting in an OOB-read. This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-242_Gstreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0010.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47545",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-13T17:44:03.153452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-13T17:44:20.236Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happens, the subsequent call to gst_buffer_fill will invoke memcpy with a large tocopy size, resulting in an OOB-read. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T18:58:14.462Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-242_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-242_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0010.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0010.html"
}
],
"source": {
"advisory": "GHSA-gfcr-8wm5-vq57",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-242: GStreamer has an integer underflow in FOURCC_strf parsing leading to OOB-read"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47545",
"datePublished": "2024-12-11T18:58:14.462Z",
"dateReserved": "2024-09-25T21:46:10.931Z",
"dateUpdated": "2024-12-13T17:44:20.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9812
Vulnerability from cvelistv5
Published
2017-01-13 16:00
Modified
2024-08-06 02:59
Severity ?
EPSS score ?
Summary
The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3818 | vendor-advisory, x_refsource_DEBIAN | |
| http://rhn.redhat.com/errata/RHSA-2017-0021.html | vendor-advisory, x_refsource_REDHAT | |
| https://gstreamer.freedesktop.org/releases/1.10/#1.10.2 | x_refsource_CONFIRM | |
| https://bugzilla.gnome.org/show_bug.cgi?id=775048 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95160 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/12/05/8 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201705-10 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2016/12/01/2 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3818",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3818"
},
{
"name": "RHSA-2017:0021",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=775048"
},
{
"name": "95160",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95160"
},
{
"name": "[oss-security] 20161204 Re: gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/8"
},
{
"name": "GLSA-201705-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20161201 gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3818",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3818"
},
{
"name": "RHSA-2017:0021",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=775048"
},
{
"name": "95160",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95160"
},
{
"name": "[oss-security] 20161204 Re: gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/8"
},
{
"name": "GLSA-201705-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20161201 gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3818",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3818"
},
{
"name": "RHSA-2017:0021",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0021.html"
},
{
"name": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2",
"refsource": "CONFIRM",
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=775048",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=775048"
},
{
"name": "95160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95160"
},
{
"name": "[oss-security] 20161204 Re: gstreamer multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/8"
},
{
"name": "GLSA-201705-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20161201 gstreamer multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9812",
"datePublished": "2017-01-13T16:00:00",
"dateReserved": "2016-12-04T00:00:00",
"dateUpdated": "2024-08-06T02:59:03.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47596
Vulnerability from cvelistv5
Published
2024-12-11 19:01
Modified
2024-12-13 17:42
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining size of the data buffer, it can lead to an OOB-read in the following call to gst_buffer_fill, which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-244_Gstreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0015.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47596",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-13T17:41:58.125719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-13T17:42:14.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining size of the data buffer, it can lead to an OOB-read in the following call to gst_buffer_fill, which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T19:01:23.353Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-244_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-244_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0015.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0015.html"
}
],
"source": {
"advisory": "GHSA-g338-pff2-5x8w",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-244: GStreamer has an OOB-read in FOURCC_SMI_ parsing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47596",
"datePublished": "2024-12-11T19:01:23.353Z",
"dateReserved": "2024-09-27T20:37:22.118Z",
"dateUpdated": "2024-12-13T17:42:14.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-50186
Vulnerability from cvelistv5
Published
2024-05-03 02:14
Modified
2024-08-02 22:09
Severity ?
EPSS score ?
Summary
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of metadata within AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22300.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-368/ | x_research-advisory | |
| https://gstreamer.freedesktop.org/security/sa-2023-0011.html | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gstreamer",
"vendor": "gstreamer_project",
"versions": [
{
"lessThan": "1.22.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50186",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T14:12:22.539239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T14:15:18.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-24-368",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-368/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2023-0011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GStreamer",
"vendor": "GStreamer",
"versions": [
{
"status": "affected",
"version": "bd4a9fde89e2549887e8a77d22ab027bed70d743"
}
]
}
],
"dateAssigned": "2023-12-05T13:37:59.468-06:00",
"datePublic": "2024-04-19T14:36:32.711-05:00",
"descriptions": [
{
"lang": "en",
"value": "GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the parsing of metadata within AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22300."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:13.976Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-368",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-368/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2023-0011.html"
}
],
"source": {
"lang": "en",
"value": "MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]"
},
"title": "GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50186",
"datePublished": "2024-05-03T02:14:13.976Z",
"dateReserved": "2023-12-05T16:15:17.537Z",
"dateUpdated": "2024-08-02T22:09:49.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47774
Vulnerability from cvelistv5
Published
2024-12-11 19:15
Modified
2024-12-12 14:15
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. Then, the a condition, does not properly handle cases where name_length is greater than 0xFFFFFFFF - 17, causing an integer overflow. In such scenario, the function attempts to access memory beyond the buffer leading to an OOB-read. This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-262_Gstreamer/ | x_refsource_CONFIRM | |
| https://github.com/github/securitylab-vulnerabilities/issues/1826 | x_refsource_MISC | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8043.patch | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T14:15:00.272216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T14:15:07.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. Then, the a condition, does not properly handle cases where name_length is greater than 0xFFFFFFFF - 17, causing an integer overflow. In such scenario, the function attempts to access memory beyond the buffer leading to an OOB-read. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T19:15:18.259Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-262_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-262_Gstreamer/"
},
{
"name": "https://github.com/github/securitylab-vulnerabilities/issues/1826",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/github/securitylab-vulnerabilities/issues/1826"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8043.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8043.patch"
}
],
"source": {
"advisory": "GHSA-qjr8-gwp5-24w7",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-262: GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47774",
"datePublished": "2024-12-11T19:15:18.259Z",
"dateReserved": "2024-09-30T21:28:53.234Z",
"dateUpdated": "2024-12-12T14:15:07.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47613
Vulnerability from cvelistv5
Published
2024-12-11 19:14
Modified
2024-12-19 21:34
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix` is expected to point to the frame 0 from the frame structure, which is read from the input file. However, in certain situations, it can points to a NULL frame, causing the subsequent call to `memcpy` to attempt writing to the null address (0x00), leading to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0025.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47613",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T14:17:34.089687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T14:17:51.293Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix` is expected to point to the frame 0 from the frame structure, which is read from the input file. However, in certain situations, it can points to a NULL frame, causing the subsequent call to `memcpy` to attempt writing to the null address (0x00), leading to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T21:34:19.223Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0025.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0025.html"
}
],
"source": {
"advisory": "GHSA-qvwm-8ff7-8p2v",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-118: GStreamer has a null pointer dereference in gst_gdk_pixbuf_dec_flush"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47613",
"datePublished": "2024-12-11T19:14:02.436Z",
"dateReserved": "2024-09-27T20:37:22.120Z",
"dateUpdated": "2024-12-19T21:34:19.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38103
Vulnerability from cvelistv5
Published
2024-05-03 01:59
Modified
2024-08-02 17:30
Severity ?
EPSS score ?
Summary
GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of MDPR chunks. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21443.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gstreamer:gstreamer:1.22.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "1.22.3"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38103",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T13:16:14.356156Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T18:46:47.361Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:13.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1007",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1007/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/uploads/d4a0aa4ec2165f6c418703b9e1459d8b/0002-rmdemux-Check-for-integer-overflow-when-calculation-.patch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GStreamer",
"vendor": "GStreamer",
"versions": [
{
"status": "affected",
"version": "1.22.3"
}
]
}
],
"dateAssigned": "2023-07-12T10:35:24.871-05:00",
"datePublic": "2023-07-27T08:10:19.954-05:00",
"descriptions": [
{
"lang": "en",
"value": "GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the parsing of MDPR chunks. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21443."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:04.423Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1007",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1007/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/uploads/d4a0aa4ec2165f6c418703b9e1459d8b/0002-rmdemux-Check-for-integer-overflow-when-calculation-.patch"
}
],
"source": {
"lang": "en",
"value": "MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]"
},
"title": "GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-38103",
"datePublished": "2024-05-03T01:59:04.423Z",
"dateReserved": "2023-07-12T15:22:20.618Z",
"dateUpdated": "2024-08-02T17:30:13.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9807
Vulnerability from cvelistv5
Published
2017-01-13 16:00
Modified
2024-08-06 02:59
Severity ?
EPSS score ?
Summary
The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2017-0019.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2016-2975.html | vendor-advisory, x_refsource_REDHAT | |
| https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2017-0020.html | vendor-advisory, x_refsource_REDHAT | |
| https://gstreamer.freedesktop.org/releases/1.10/#1.10.2 | x_refsource_CONFIRM | |
| https://bugzilla.gnome.org/show_bug.cgi?id=774859 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/12/05/8 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201705-10 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2016/12/01/2 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/95148 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:0019",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0019.html"
},
{
"name": "RHSA-2016:2975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2975.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff"
},
{
"name": "RHSA-2017:0020",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=774859"
},
{
"name": "[oss-security] 20161204 Re: gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/8"
},
{
"name": "GLSA-201705-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20161201 gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/2"
},
{
"name": "95148",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95148"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2017:0019",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0019.html"
},
{
"name": "RHSA-2016:2975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2975.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff"
},
{
"name": "RHSA-2017:0020",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=774859"
},
{
"name": "[oss-security] 20161204 Re: gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/8"
},
{
"name": "GLSA-201705-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20161201 gstreamer multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/2"
},
{
"name": "95148",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95148"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:0019",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0019.html"
},
{
"name": "RHSA-2016:2975",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2975.html"
},
{
"name": "https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff"
},
{
"name": "RHSA-2017:0020",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0020.html"
},
{
"name": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2",
"refsource": "CONFIRM",
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=774859",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=774859"
},
{
"name": "[oss-security] 20161204 Re: gstreamer multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/8"
},
{
"name": "GLSA-201705-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20161201 gstreamer multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/2"
},
{
"name": "95148",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95148"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9807",
"datePublished": "2017-01-13T16:00:00",
"dateReserved": "2016-12-04T00:00:00",
"dateUpdated": "2024-08-06T02:59:03.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47602
Vulnerability from cvelistv5
Published
2024-12-11 19:10
Modified
2024-12-12 14:24
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->codec_priv pointer in the following code. If stream->codec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference a null pointer, leading to a crash of the application. This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-250_Gstreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0019.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47602",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T14:24:18.356233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T14:24:27.067Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream-\u003ecodec_priv pointer in the following code. If stream-\u003ecodec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference a null pointer, leading to a crash of the application. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T19:10:31.683Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-250_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-250_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0019.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0019.html"
}
],
"source": {
"advisory": "GHSA-m48f-764w-83c6",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-250: Streamer NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47602",
"datePublished": "2024-12-11T19:10:31.683Z",
"dateReserved": "2024-09-27T20:37:22.119Z",
"dateUpdated": "2024-12-12T14:24:27.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47603
Vulnerability from cvelistv5
Published
2024-12-11 19:11
Modified
2024-12-11 20:42
Severity ?
EPSS score ?
Summary
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_update_tracks function within matroska-demux.c. The vulnerability occurs when the gst_caps_is_equal function is called with invalid caps values. If this happen, then in the function gst_buffer_get_size the call to GST_BUFFER_MEM_PTR can return a null pointer. Attempting to dereference the size field of this null pointer results in a null pointer dereference. This vulnerability is fixed in 1.24.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-251_Gstreamer/ | x_refsource_CONFIRM | |
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch | x_refsource_MISC | |
| https://gstreamer.freedesktop.org/security/sa-2024-0021.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47603",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-11T20:38:14.418203Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T20:42:29.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_update_tracks function within matroska-demux.c. The vulnerability occurs when the gst_caps_is_equal function is called with invalid caps values. If this happen, then in the function gst_buffer_get_size the call to GST_BUFFER_MEM_PTR can return a null pointer. Attempting to dereference the size field of this null pointer results in a null pointer dereference. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T19:11:51.382Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-251_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-251_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0021.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0021.html"
}
],
"source": {
"advisory": "GHSA-gqcc-q947-jv78",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-251: GStreamer NULL-pointer dereference in Matroska/WebM demuxer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47603",
"datePublished": "2024-12-11T19:11:51.382Z",
"dateReserved": "2024-09-27T20:37:22.119Z",
"dateUpdated": "2024-12-11T20:42:29.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}