8.8
CVSSv3

CVE-2023-44446

Vulnerability Summary

This vulnerability allows remote malicious users to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.

Vendor Advisories

Debian Bug report logs - #1056101 gst-plugins-bad1.0: CVE-2023-44446: MXF demuxer use-after-free. Package: src:gst-plugins-bad1.0; Maintainer for src:gst-plugins-bad1.0 is Maintainers of GStreamer packages <gst-plugins-bad1.0@packages.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 16 Nov ...
Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened. For the oldstable distribution (bullseye), these problems have been fixed in version 1.18.4-3+deb11u3. For the st ...
gstreamer: AV1 codec parser heap-based buffer overflow (CVE-2023-44429); gstreamer: MXF demuxer use-after-free vulnerability (CVE-2023-44446) ...
Synopsis: Important: gstreamer1-plugins-bad-free security update. Type/Severity: Security Advisory: Important. Topic: An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 9. Red Hat Product Sec ...
Synopsis: Important: gstreamer1-plugins-bad-free security update. Type/Severity: Security Advisory: Important. Topic: An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 9.0 Extended Update S ...
Synopsis: Important: OpenShift Container Platform 4.14.8 bug fix and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 4.14.8 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift C ...
Synopsis: Important: gstreamer1-plugins-bad-free security update. Type/Severity: Security Advisory: Important. Topic: An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8. Red Hat Product Sec ...
Synopsis: Important: gstreamer1-plugins-bad-free security update. Type/Severity: Security Advisory: Important. Topic: An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8.8 Extended Update S ...
Synopsis: Important: gstreamer1-plugins-bad-free security update. Type/Severity: Security Advisory: Important. Topic: An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Re ...
Synopsis: Important: OpenShift Container Platform 4.11.56 bug fix and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 4.11.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Ha ...
Synopsis: Important: gstreamer1-plugins-bad-free security update. Type/Severity: Security Advisory: Important. Topic: An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 9.2 Extended Update S ...
Synopsis: Important: gstreamer-plugins-bad-free security update. Type/Severity: Security Advisory: Important. Topic: An update for gstreamer-plugins-bad-free is now available for Red Hat Enterprise Linux 7. Red Hat Product Secur ...
Synopsis: Important: gstreamer1-plugins-bad-free security update. Type/Severity: Security Advisory: Important. Topic: An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8.4 Advanced Mission ...
Synopsis: Important: gstreamer1-plugins-bad-free security update. Type/Severity: Security Advisory: Important. Topic: An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8.2 Advanced Update S ...
Synopsis: Important: gstreamer1-plugins-bad-free security update. Type/Severity: Security Advisory: Important. Topic: An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 7. Red Hat Product Sec ...
Synopsis: Important: OpenShift Container Platform 4.12.47 security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 4.12.47 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container P ...
Description: A use-after-free flaw was found in the MXF demuxer in GStreamer when handling certain MXF video files. This issue could allow a malicious third party to trigger a crash in the application and may allow code execution.