Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-40474

Published: 03/05/2024 Updated: 03/05/2024

Vulnerability Summary

GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote malicious users to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21660.

Vendor Advisories

Debian CVElist Bug Report Logs: gst-plugins-bad1.0: CVE-2023-40474
Debian Bug report logs - #1053261 gst-plugins-bad10: CVE-2023-40474 Package: src:gst-plugins-bad10; Maintainer for src:gst-plugins-bad10 is Maintainers of GStreamer packages <gst-plugins-bad10@packagesdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 30 Sep 2023 09:09:06 UTC Severity: ...
Debian Security Advisories: DSA-5533-1 gst-plugins-bad1.0 -- security update
Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened For the oldstable distribution (bullseye), these problems have been fixed in version 1184-3+deb11u2 For the st ...
Amazon Linux 2: ALAS2-2023-2298
Integer overflow leading to heap overwrite in MXF file handling with uncompressed video NOTE: gstreamerfreedesktoporg/security/sa-2023-0006htmlNOTE: gitlabfreedesktoporg/gstreamer/gstreamer/-/merge_requests/5362NOTE: Fixed by: gitlabfreedesktoporg/gstreamer/gstreamer/-/commit/ce17e968e4cf900d28ca5b46f6e095febc42b4f0 ( ...

References

https://www.zerodayinitiative.com/advisories/ZDI-23-1456/https://gstreamer.freedesktop.org/security/sa-2023-0006.htmlhttps://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053261https://www.zerodayinitiative.com/advisories/ZDI-23-1456/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-29895injectCVE-2023-52689CVE-2024-5049CVE-2024-5051privilege escalationphysicalCVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook