https://gstreamer.freedesktop.org/security/sa-2023-0006.html reports: Details: Heap-based buffer overflow in the MXF file demuxer when handling malformed files with uncompressed video in GStreamer versions before 1.22.6. Impact: It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation. Patches: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5362.patch (includes patch for SA-2023-0007 / ZDI-CAN-21661 / CVE-2023-40475) https://gstreamer.freedesktop.org/security/sa-2023-0007.html reports: Details: Heap-based buffer overflow in the MXF file demuxer when handling malformed files with AES3 audio in GStreamer versions before 1.22.6. Impact: It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation. Patches: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5362.patch (includes patch for SA-2023-0006 / ZDI-CAN-21660 / CVE-2023-40474) https://gstreamer.freedesktop.org/security/sa-2023-0008.html reports: Details: Stack-based buffer overflow in the H.265 video parser when handling malformed H.265 video streams in GStreamer versions before 1.22.6. Impact: It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through stack manipulation. Patches: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5364.patch Fixes all in 1.22.6. Please bump.
