PT-2023-3442 · Gstreamer+9

Michael Randrianantenaina · Published 2023-06-12 · Updated 2025-10-07 · CVE-2023-37328

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

GStreamer (affected versions not specified)

Description

This issue allows remote attackers to execute arbitrary code on affected installations of GStreamer. The specific flaw exists within the parsing of PGS subtitle files, resulting from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Interaction with this library is required to exploit this vulnerability, but attack vectors may vary depending on the implementation.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2024:2302
ALSA-2024:3088
ALT-PU-2024-9710
BDU:2023-03624
CESA-2024_3088
CVE-2023-37328
DLA-3504-1
DSA-5443-1
INFSA-2024_2302
INFSA-2024_3088
MGASA-2023-0354
OESA-2024-1340
OESA-2024-1453
OESA-2024-1454
OESA-2024-1455
OESA-2024-1456
OESA-2024-1457
OPENSUSE-SU-2023_3221-1
OPENSUSE-SU-2023_3250-1
OPENSUSE-SU-2023_3265-1
OPENSUSE-SU-2023_3801-1
OPENSUSE-SU-2024:13087-1
RHSA-2024:2302
RHSA-2024:3088
RHSA-2024_2302
RHSA-2024_3088
RLSA-2024:2302
SUSE-SU-2023:3221-1
SUSE-SU-2023:3236-1
SUSE-SU-2023:3250-1
SUSE-SU-2023:3265-1
SUSE-SU-2023:3402-1
SUSE-SU-2023:3801-1
SUSE-SU-2023_3221-1
SUSE-SU-2023_3402-1
USN-6268-1
USN-7807-1
ZDI-23-901

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Gstreamer
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu