gstreamer1-plugins-bad-free-1.16.1-4.el8
Errata ID: AXSA:2024-8316:04
Release date:
2024/06/17 Monday - 19:14
Title:
gstreamer1-plugins-bad-free-1.16.1-4.el8
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
The following issues have been addressed.
[Security Fix]
- The MXF file parsing functionality in GStreamer has an integer overflow issue caused by insufficient data validation, which allows a remote attacker to execute arbitrary code via a crafted MXF file. (CVE-2023-40474)
- The MXF file parsing in GStreamer has an integer overflow issue caused by insufficient data validation, which allows a remote attacker to execute arbitrary code via crafted MXF data. (CVE-2023-40475)
- The H.265 video data parsing functionality in GStreamer has a stack-based buffer overflow issue caused by insufficient validation of data size, which allows a remote attacker to execute arbitrary code or cause a denial of service (crash) via crafted H.265 video data. (CVE-2023-40476)
Solution:
Update the packages.
CVE:
CVE-2023-40474
GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21660.
CVE-2023-40475
GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21661.
CVE-2023-40476
GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21768.
Additional information:
N/A
Downloads:
SRPMS
- gstreamer1-plugins-bad-free-1.16.1-4.el8.src.rpm
MD5: fff7b0e6267dc9dfb084003b4970380a
SHA-256: b59aa6de619671443b7902b18d04bf61bbfe04b65741ace2b9ddc379d0fd582f
Size: 5.03 MB
Asianux Server 8 for x86_64
- gstreamer1-plugins-bad-free-1.16.1-4.el8.i686.rpm
MD5: b80a7197faf631bff8a552c4e3a7dc05
SHA-256: 21e1a7787049450686404efe3de6b387469a3c49da06014b13b4f0de078b15d9
Size: 1.91 MB
- gstreamer1-plugins-bad-free-1.16.1-4.el8.x86_64.rpm
MD5: ae667eeb821db7ae1975795193e5aa7d
SHA-256: 4532e8541ab34438b2e14a490e30166035d550022c4d1370501967ff60667fa8
Size: 1.83 MB
- gstreamer1-plugins-bad-free-devel-1.16.1-4.el8.i686.rpm
MD5: cfbe33be77929f650299642fb792e13d
SHA-256: 2e0cc25e0cc6686a8e308916eb91646b6529818d6bc7cf881086219f827ca4da
Size: 525.24 kB
- gstreamer1-plugins-bad-free-devel-1.16.1-4.el8.x86_64.rpm
MD5: e843d449ec7df938ef8e4e9df6bdfebf
SHA-256: 8b40163b08dc111c572dfe8e18e4156be4dc24b8718cda26d0165294c2bfe07c
Size: 525.30 kB