PT-2023-5634 · Gstreamer+9 · Gstreamer+9

Michael Randrianantenaina

·

Publicado

2023-09-20

·

Atualizado

2026-04-23

·

CVE-2023-40475

CVSS v2.0

10

Alta

VetorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions GStreamer (affected versions not specified)
Description The issue is related to an integer overflow in the parsing of MXF video files, which can result from the lack of proper validation of user-supplied data. This can lead to an integer overflow before allocating a buffer, allowing an attacker to execute code in the context of the current process. The vulnerability can be exploited by remote attackers who interact with the library, and attack vectors may vary depending on the implementation.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

ALSA-2024:2287
ALSA-2024:3060
BDU:2023-06294
CESA-2024_3060
CVE-2023-40475
DLA-3633-1
DSA-5533-1
INFSA-2024_2287
INFSA-2024_3060
MGASA-2023-0354
OESA-2023-1709
OPENSUSE-SU-2023_4943-1
OPENSUSE-SU-2024:0305-1
OPENSUSE-SU-2024_0005-1
OPENSUSE-SU-2024_0305-1
RHSA-2024:2287
RHSA-2024:3060
RHSA-2024_2287
RHSA-2024_3060
RLSA-2024:2287
RLSA-2024:3060
ROSA-SA-2024-2357
SUSE-SU-2023:4943-1
SUSE-SU-2023:4944-1
SUSE-SU-2023:4947-1
SUSE-SU-2023:4971-1
SUSE-SU-2023:4972-1
SUSE-SU-2023_4943-1
SUSE-SU-2023_4944-1
SUSE-SU-2023_4947-1
SUSE-SU-2023_4972-1
SUSE-SU-2024:0005-1
SUSE-SU-2024_0005-1
USN-6526-1
USN-8205-1
ZDI-23-1457

Produtos afetados

Almalinux
Astra Linux
Centos
Gstreamer
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu