Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2-2023-2298

Related Vulnerabilities: CVE-2023-40474   CVE-2023-40475   CVE-2023-40476  

Integer overflow leading to heap overwrite in MXF file handling with uncompressed video NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0006.htmlNOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5362NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ce17e968e4cf900d28ca5b46f6e095febc42b4f0 (CVE-2023-40474) Integer overflow leading to heap overwrite in MXF file handling with AES3 audio NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0007.htmlNOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5362NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/72742dee30cce7bf909639f82de119871566ce39 (CVE-2023-40475) Integer overflow in H.265 video parser leading to stack overwrite NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0008.htmlNOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5364NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ff91a3d8d6f7e2412c44663bf30fad5c7fdbc9d9 (CVE-2023-40476)

Source

ALAS2-2023-2298

Amazon Linux 2 Security Advisory: ALAS-2023-2298
Advisory Release Date: 2023-10-12 15:09 Pacific
Advisory Updated Date: 2023-10-19 23:40 Pacific
Severity: Important
Issue Overview:

Integer overflow leading to heap overwrite in MXF file handling with uncompressed video

NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0006.html
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5362
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ce17e968e4cf900d28ca5b46f6e095febc42b4f0 (CVE-2023-40474)

Integer overflow leading to heap overwrite in MXF file handling with AES3 audio

NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0007.html
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5362
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/72742dee30cce7bf909639f82de119871566ce39 (CVE-2023-40475)

Integer overflow in H.265 video parser leading to stack overwrite

NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0008.html
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5364
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ff91a3d8d6f7e2412c44663bf30fad5c7fdbc9d9 (CVE-2023-40476)


Affected Packages:

gstreamer1-plugins-bad-free


Issue Correction:
Run yum update gstreamer1-plugins-bad-free to update your system.

New Packages:
aarch64:
    gstreamer1-plugins-bad-free-1.18.4-5.amzn2.0.2.aarch64
    gstreamer1-plugins-bad-free-devel-1.18.4-5.amzn2.0.2.aarch64
    gstreamer1-plugins-bad-free-debuginfo-1.18.4-5.amzn2.0.2.aarch64

i686:
    gstreamer1-plugins-bad-free-1.18.4-5.amzn2.0.2.i686
    gstreamer1-plugins-bad-free-devel-1.18.4-5.amzn2.0.2.i686
    gstreamer1-plugins-bad-free-debuginfo-1.18.4-5.amzn2.0.2.i686

src:
    gstreamer1-plugins-bad-free-1.18.4-5.amzn2.0.2.src

x86_64:
    gstreamer1-plugins-bad-free-1.18.4-5.amzn2.0.2.x86_64
    gstreamer1-plugins-bad-free-devel-1.18.4-5.amzn2.0.2.x86_64
    gstreamer1-plugins-bad-free-debuginfo-1.18.4-5.amzn2.0.2.x86_64

Additional References

Red Hat: CVE-2023-40474, CVE-2023-40475, CVE-2023-40476

Mitre: CVE-2023-40474, CVE-2023-40475, CVE-2023-40476

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started