PT-2023-9391 · Gstreamer+10

Michael Randrianantenaina · Published 2023-07-02 · Updated 2025-10-07 · CVE-2023-37327

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C

Name of the Vulnerable Software and Affected Versions: GStreamer (affected versions not specified)

Description: This issue allows remote attackers to execute arbitrary code on affected installations of GStreamer. The specific flaw exists within the parsing of FLAC audio files, resulting from the lack of proper validation of user-supplied data, which can cause an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Integer Overflow


Weakness Enumeration

Related Identifiers

ALSA-2024:2303
ALSA-2024:3089
ALT-PU-2024-9706
ALT-PU-2024-9708
AZL-43549
AZL-44097
BDU:2024-07000
CESA-2024_3089
CVE-2023-37327
DLA-3505-1
DSA-5445-1
INFSA-2024_2303
INFSA-2024_3089
MGASA-2023-0354
OESA-2023-1934
OPENSUSE-SU-2023_3219-1
OPENSUSE-SU-2023_3221-1
OPENSUSE-SU-2023_3248-1
OPENSUSE-SU-2023_3250-1
OPENSUSE-SU-2023_3265-1
OPENSUSE-SU-2023_3266-1
OPENSUSE-SU-2023_3801-1
OPENSUSE-SU-2024:13087-1
OPENSUSE-SU-2024:13088-1
RHSA-2024:2303
RHSA-2024:3089
RHSA-2024_2303
RHSA-2024_3089
RLSA-2024:3089
SUSE-SU-2023:3219-1
SUSE-SU-2023:3221-1
SUSE-SU-2023:3236-1
SUSE-SU-2023:3246-1
SUSE-SU-2023:3248-1
SUSE-SU-2023:3250-1
SUSE-SU-2023:3265-1
SUSE-SU-2023:3266-1
SUSE-SU-2023:3688-1
SUSE-SU-2023:3801-1
SUSE-SU-2023_3219-1
SUSE-SU-2023_3221-1
SUSE-SU-2023_3236-1
SUSE-SU-2023_3246-1
SUSE-SU-2023_3248-1
SUSE-SU-2023_3250-1
SUSE-SU-2023_3265-1
SUSE-SU-2023_3266-1
USN-6268-1
USN-6269-1
USN-7807-1
ZDI-23-903

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
GStreamer
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu