gstreamer1-plugins-bad-free-1.22.1-4.el9
Errata ID: AXSA:2024-8037:03
Release date:
2024/05/30 Thursday - 19:33
Title:
gstreamer1-plugins-bad-free-1.22.1-4.el9
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
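The following issues have been addressed.
[Security Fix]
- The MXF file parsing function in GStreamer has an integer
overflow issue caused by inadequate data validation, resulting
in a vulnerability that allows a remote attacker to execute
arbitrary code via a crafted MXF file. (CVE-2023-40474)
- The MXF file parsing process in GStreamer has an integer
overflow issue caused by inadequate data validation, resulting
in a vulnerability that allows a remote attacker to execute
arbitrary code via crafted MXF data. (CVE-2023-40475)
- The H.265 video data parsing function in GStreamer has a
stack-based buffer overflow issue caused by inadequate
validation of data size, resulting in a vulnerability that
allows a remote attacker to execute arbitrary code and cause
a denial of service (crash) via crafted H.265 video data.
(CVE-2023-40476)
- The parsing of metadata in AV1 video data in GStreamer has a
stack-based buffer overflow issue caused by missing validation
of data size, resulting in a vulnerability that allows a remote
attacker to execute arbitrary code via crafted AV1 video data.
(CVE-2023-50186)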
Solution:
Update the packages.
CVE:
CVE-2023-40474
GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21660.
CVE-2023-40475
GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21661.
CVE-2023-40476
GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21768.
CVE-2023-50186
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of metadata within AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22300.
Additional information:
N/A
Download:
SRPMS
- gstreamer1-plugins-bad-free-1.22.1-4.el9.src.rpm
MD5: 00e8140f105212d34c93edcd34fe237a
SHA-256: abd8628ccb7ae354acf58a255eafb2923cfca645fa0fdb5dd3a8b29657a82dfd
Size: 5.24 MB
Asianux Server 9 for x86_64
- gstreamer1-plugins-bad-free-1.22.1-4.el9.i686.rpm
MD5: 413e86607eb14b83330e46bf594ea4aa
SHA-256: f9a7c4fe5460580ebbbc45e5bc592eeb9a7ef3f571fd7ebb6cb31d45c3d29ccd
Size: 3.00 MB
- gstreamer1-plugins-bad-free-1.22.1-4.el9.x86_64.rpm
MD5: 367c79afb06179a406caa08739de39c6
SHA-256: 5843817a83ddcd3a983babcb75c038abeee13c5777c56c7b971b5f190dc87697
Size: 2.92 MB
- gstreamer1-plugins-bad-free-devel-1.22.1-4.el9.i686.rpm
MD5: 57d0eda83129d23d6fdcdb700ad6ca47
SHA-256: 5c35489d5f5259ec431d9a3ceaf4d4b3f10f2f1b36531991a124840c09fa991d
Size: 265.16 kB
- gstreamer1-plugins-bad-free-devel-1.22.1-4.el9.x86_64.rpm
MD5: cc7963a4d28549c634ffd8d93acd0bd1
SHA-256: f0a5688ddc8e434c567cb3acf6d72dc674ccbb6870d2b2dc61f056009e29833b
Size: 265.20 kB