PT-2023-9039 · Gstreamer+6 · Gstreamer+6

Michael Randrianantenaina

·

Published

2023-12-18

·

Updated

2025-06-05

·

CVE-2023-50186

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions GStreamer (affected versions not specified)
Description This issue allows remote attackers to execute arbitrary code on affected installations of GStreamer. The specific flaw exists within the parsing of metadata within AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Stack Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-787

Related Identifiers

ALSA-2024:2287
BDU:2024-03234
CVE-2023-50186
DSA-5583-1
INFSA-2024_2287
OPENSUSE-SU-2024:0305-1
OPENSUSE-SU-2024:13896-1
OPENSUSE-SU-2024_0305-1
OPENSUSE-SU-2024_3289-1
OPENSUSE-SU-2024_3295-1
RHSA-2024:2287
RHSA-2024_2287
RLSA-2024:2287
SUSE-SU-2024:3289-1
SUSE-SU-2024:3295-1
USN-7558-1
ZDI-24-368

Affected Products

Almalinux
Gstreamer
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu