918095 – (CVE-2023-40474, CVE-2023-40475, CVE-2023-40476, SA-2023-0006, SA-2023-0007, SA-2023-0008, ZDI-CAN-21660, ZDI-CAN-21661, ZDI-CAN-21768) <media-libs/gst-plugins-bad-1.22.11-r1: multiple vulnerabilities

Bug 918095 (CVE-2023-40474, CVE-2023-40475, CVE-2023-40476, SA-2023-0006, SA-2023-0007, SA-2023-0008, ZDI-CAN-21660, ZDI-CAN-21661, ZDI-CAN-21768) - <media-libs/gst-plugins-bad-1.22.11-r1: multiple vulnerabilities

Summary: <media-libs/gst-plugins-bad-1.22.11-r1: multiple vulnerabilities

Status:	CONFIRMED

Alias:	CVE-2023-40474, CVE-2023-40475, CVE-2023-40476, SA-2023-0006, SA-2023-0007, SA-2023-0008, ZDI-CAN-21660, ZDI-CAN-21661, ZDI-CAN-21768

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo Security

URL:	https://www.openwall.com/lists/oss-se...
Whiteboard:	A2 [glsa]
Keywords:

Depends on:	928779
Blocks:
	Show dependency tree

Reported:	2023-11-23 18:06 UTC by John Helmert III
Modified:	2024-05-12 07:00 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2023-11-23 18:06:29 UTC

https://gstreamer.freedesktop.org/security/sa-2023-0006.html reports:
   Details:
   Heap-based buffer overflow in the MXF file demuxer when handling malformed
   files with uncompressed video in GStreamer versions before 1.22.6.

   Impact:
   It is possible for a malicious third party to trigger a crash in the
   application, and possibly also effect code execution through heap
   manipulation.

   Patches:
   https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5362.patch
   (includes patch for SA-2023-0007 / ZDI-CAN-21661 / CVE-2023-40475)

https://gstreamer.freedesktop.org/security/sa-2023-0007.html reports:
   Details:
   Heap-based buffer overflow in the MXF file demuxer when handling malformed
   files with AES3 audio in GStreamer versions before 1.22.6.

   Impact:
   It is possible for a malicious third party to trigger a crash in the
   application, and possibly also effect code execution through heap
   manipulation.

   Patches:
   https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5362.patch
   (includes patch for SA-2023-0006 / ZDI-CAN-21660 / CVE-2023-40474)

https://gstreamer.freedesktop.org/security/sa-2023-0008.html reports:
   Details:
   Stack-based buffer overflow in the H.265 video parser when handling malformed
   H.265 video streams in GStreamer versions before 1.22.6.

   Impact:
   It is possible for a malicious third party to trigger a crash in the
   application, and possibly also effect code execution through stack
   manipulation.

   Patches:
   https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5364.patch

Fixes all in 1.22.6. Please bump.

Comment 1 Larry the Git Cow gentoo-dev

2024-04-30 08:28:02 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=921fdfc2e59cfb6143b33056ca4b215f65be248b

commit 921fdfc2e59cfb6143b33056ca4b215f65be248b
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2024-04-30 07:47:59 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2024-04-30 08:23:47 +0000

    media-libs/gst-plugins-bad: drop 1.20.5-r1, 1.20.6
    
    Bug: https://bugs.gentoo.org/918095
    Signed-off-by: Mart Raudsepp <leio@gentoo.org>

 media-libs/gst-plugins-bad/Manifest                |   2 -
 .../gst-plugins-bad-1.20.5-r1.ebuild               | 104 ---------------------
 .../gst-plugins-bad/gst-plugins-bad-1.20.6.ebuild  | 104 ---------------------
 3 files changed, 210 deletions(-)