Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-44429

Published: 03/05/2024 Updated: 03/05/2024

Vulnerability Summary

GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote malicious users to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22226.

Vendor Advisories

Debian CVElist Bug Report Logs: gst-plugins-bad1.0: CVE-2023-44429: AV1 codec parser buffer overflow
Debian Bug report logs - #1056102 gst-plugins-bad10: CVE-2023-44429: AV1 codec parser buffer overflow Package: src:gst-plugins-bad10; Maintainer for src:gst-plugins-bad10 is Maintainers of GStreamer packages <gst-plugins-bad10@packagesdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 1 ...
Debian Security Advisories: DSA-5565-1 gst-plugins-bad1.0 -- security update
Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened For the oldstable distribution (bullseye), these problems have been fixed in version 1184-3+deb11u3 For the st ...
Red Hat: Important: gstreamer1-plugins-bad-free security update
Synopsis Important: gstreamer1-plugins-bad-free security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 9Red Hat Product Sec ...
Red Hat: Important: gstreamer1-plugins-bad-free security update
Synopsis Important: gstreamer1-plugins-bad-free security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 92 Extended Update S ...
Red Hat: Important: gstreamer1-plugins-bad-free security update
Synopsis Important: gstreamer1-plugins-bad-free security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 90 Extended Update S ...
Amazon Linux 2: ALAS-2023-2355
gstreamer: AV1 codec parser heap-based buffer overflow (CVE-2023-44429) gstreamer: MXF demuxer use-after-free vulnerability (CVE-2023-44446) ...

References

https://www.zerodayinitiative.com/advisories/ZDI-23-1648/https://gstreamer.freedesktop.org/security/sa-2023-0009.htmlhttps://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056102https://www.zerodayinitiative.com/advisories/ZDI-23-1648/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895blind SQL injectionCVE-2024-5064CVE-2023-52677CVE-2023-52682CVE-2024-30051CVE-2024-35849remote attackersremote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook