mirror of
https://gitlab.freedesktop.org/gstreamer/gstreamer.git
synced 2024-11-25 03:01:03 +00:00
security-advisories: import from www module
Ship these also as part of the monorepo, so we can prepare new advisories as part of the relevant merge requests in the private gstreamer-security repository. Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7610>
This commit is contained in:
parent
29063d2ebc
commit
95ca7014c8
27 changed files with 1212 additions and 0 deletions
41
security-advisories/alert-template.md
Normal file
41
security-advisories/alert-template.md
Normal file
|
@ -0,0 +1,41 @@
|
|||
# Security Advisory 2024-XXXX <!-- (ZDI-CAN-XXXXX, CVE-2024-XXXX) -->
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | ----------------------------------------- |
|
||||
| Summary | Example summary |
|
||||
| Date | 2024-04-10 10:00 |
|
||||
| Affected Versions | GStreamer gst-plugins-XYZ |
|
||||
| IDs | GStreamer-SA-2024-XXXX<br/>CVE-2024-XXXX |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
## Impact
|
||||
|
||||
## Threat mitigation
|
||||
|
||||
## Workarounds
|
||||
|
||||
## Solution
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### CVE Database Entries
|
||||
|
||||
- [CVE-2024-XXXX](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-XXXX)
|
||||
|
||||
### GStreamer 1.XX.X release
|
||||
|
||||
- [Release Notes](/releases/1.XX/#1.XX.X)
|
||||
- [GStreamer Plugins XYZ 1.XX.X](/src/gst-plugins-XYZ/gst-plugins-XYZ-1.XX.X.tar.xz)
|
||||
|
||||
### Patches
|
||||
|
||||
- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/XXXX.patch)
|
52
security-advisories/sa-2016-0001.md
Normal file
52
security-advisories/sa-2016-0001.md
Normal file
|
@ -0,0 +1,52 @@
|
|||
# Security Advisory 2016-0001 (CVE-2016-9445, CVE-2016-9446)
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | --- |
|
||||
| Summary | Multiple Issues in VMNC decoder |
|
||||
| Date | 2016-11-17 16:00 |
|
||||
| Affected Versions | GStreamer gst-plugins-bad 1.10 < 1.10.1<br/>GStreamer gst-plugins-bad 1.x <= 1.8.3 |
|
||||
| IDs | GStreamer-SA-2016-0001<br/>CVE-2016-9445<br/>CVE-2016-9446 |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
The VMNC decoder in gst-plugins-bad contains an integer overflow vulnerability and a failure to initialize output memory.
|
||||
|
||||
## Impact
|
||||
|
||||
If successful, a malicious third party could trigger either a crash in an application decoding a VMNC video stream or an arbitrary code execution with the privileges of the target user. The failure to initialize output memory may result in an information leak.
|
||||
|
||||
## Mitigation
|
||||
|
||||
Exploitation requires the user to access a VMNC stream or file.
|
||||
|
||||
## Workarounds
|
||||
|
||||
The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites, or disable the VMNC decoder plugin by removing the plugin binary file libgstvmnc.so or libgstvmnc.dll.
|
||||
|
||||
## Solution
|
||||
|
||||
The gst-plugins-bad 1.10.1 release addresses the issue. The upcoming gst-plugins-bad 1.8.4 release will also address the issue. People using older branches of GStreamer should apply the patch and recompile, or disable the VMNC plugin.
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### CVE Database Entries
|
||||
|
||||
- [CVE-2016-9445](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9445)
|
||||
- [CVE-2016-9446](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9446)
|
||||
|
||||
### GStreamer Bugzilla Entry
|
||||
|
||||
- [Bug 774533](https://bugzilla.gnome.org/show_bug.cgi?id=774533)
|
||||
|
||||
### GStreamer Patches
|
||||
|
||||
- [Patch](https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe)
|
||||
- [Patch 2](https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=807e23118b6b6d99e61b5e2055c4bc82a444b008)
|
58
security-advisories/sa-2016-0002.md
Normal file
58
security-advisories/sa-2016-0002.md
Normal file
|
@ -0,0 +1,58 @@
|
|||
# Security Advisory 2016-0002 (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9807)
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | --- |
|
||||
| Summary | Multiple Issues in FLC/FLI/FLX Decoder |
|
||||
| Date | 2016-11-23 03:00 |
|
||||
| Affected Versions | GStreamer gst-plugins-bad 1.10 < 1.10.2<br/>GStreamer gst-plugins-bad 1.x <= 1.8.3 |
|
||||
| IDs | GStreamer-SA-2016-0002<br/>CVE-2016-9634<br/>CVE-2016-9635<br/>CVE-2016-9636<br/>CVE-2016-9807 |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
The decoder for the FLC/FLI/FLX animation video formats in gst-plugins-good contains various out-of-bounds writes and reads and fails to initialize output frame memory.
|
||||
|
||||
## Impact
|
||||
|
||||
If successful, a malicious third party could trigger either a crash in an application decoding a FLC/FLI/FLX video stream or an arbitrary code execution with the privileges of the target user. The failure to initialize output memory may result in an information leak.
|
||||
|
||||
## Threat Mitigation
|
||||
|
||||
Exploitation requires the user to access an FLC/FLI/FLX stream or file.
|
||||
|
||||
## Workarounds
|
||||
|
||||
The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites, or disable the FLC/FLI/FLX decoder plugin by removing the plugin binary file libgstflxdec.so or libgstflxdec.dll.
|
||||
|
||||
## Solution
|
||||
|
||||
The gst-plugins-bad 1.10.2 release addresses the issue. The upcoming gst-plugins-bad 1.8.4 release will also address the issue. People using older branches of GStreamer should apply the patch and recompile or disable the FLC/FLI/FLX plugin.
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### CVE Database Entries
|
||||
|
||||
- [CVE-2016-9634](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9634)
|
||||
- [CVE-2016-9635](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9635)
|
||||
- [CVE-2016-9636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9636)
|
||||
- [CVE-2016-9807](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9807)
|
||||
|
||||
### GStreamer Bugzilla Entries
|
||||
|
||||
- [Bug 774834](https://bugzilla.gnome.org/show_bug.cgi?id=774834)
|
||||
- [Bug 774859](https://bugzilla.gnome.org/show_bug.cgi?id=774859)
|
||||
|
||||
### GStreamer Patches
|
||||
|
||||
- [Patch 1](https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bf43f44fcfada5ec4a3ce60cb374340486fe9fac)
|
||||
- [Patch 2](https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2)
|
||||
- [Patch 3](https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9)
|
||||
- [Patch 4](https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff)
|
||||
- [Patch 5](https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=96aaf889afe90b5e02ec756af5c6c7000d2cc424)
|
51
security-advisories/sa-2019-0001.md
Normal file
51
security-advisories/sa-2019-0001.md
Normal file
|
@ -0,0 +1,51 @@
|
|||
# Security Advisory 2019-0001 (CVE-2019-9928)
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | --- |
|
||||
| Summary | Buffer overflow in RTSP parsing |
|
||||
| Date | 2019-04-22 00:30 |
|
||||
| Affected Versions | GStreamer gst-plugins-bad |
|
||||
| IDs | GStreamer-SA-2019-0001<br/>CVE-2019-9928 |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server.
|
||||
|
||||
## Impact
|
||||
|
||||
The potential exists for a malicious server to trigger remote code execution in a connecting client.
|
||||
|
||||
## Threat mitigation
|
||||
|
||||
Exploitation requires the user to access a malicious RTSP server.
|
||||
|
||||
## Workarounds
|
||||
|
||||
The user should refrain from opening RTSP streams from untrusted third parties
|
||||
|
||||
## Solution
|
||||
|
||||
The gst-plugins-base 1.16.0 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### CVE Database Entries
|
||||
|
||||
- [CVE-2019-9928](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9928)
|
||||
|
||||
### GStreamer 1.16.0 release
|
||||
|
||||
- [Release Notes](/releases/1.16/)
|
||||
- [GStreamer Plugins Base 1.16.0](/src/gst-plugins-base/gst-plugins-base-1.16.0.tar.xz)
|
||||
|
||||
### Patches
|
||||
|
||||
- [Patch](https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/merge_requests/157)
|
39
security-advisories/sa-2021-0001.md
Normal file
39
security-advisories/sa-2021-0001.md
Normal file
|
@ -0,0 +1,39 @@
|
|||
# Security Advisory 2021-0001 (CVE-2021-3522)
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | --- |
|
||||
| Summary | Out-of-bounds read in ID3v2 tag parsing |
|
||||
| Date | 2021-03-15 16:00 |
|
||||
| Affected Versions | GStreamer gst-plugins-base 1.x <= 1.18.3, 0.10.36 |
|
||||
| IDs | GStreamer-SA-2021-0001<br/>CVE-2021-3522 |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
GStreamer before 1.18.4 might do an out-of-bounds read when handling certain ID3v2 tags.
|
||||
|
||||
## Impact
|
||||
|
||||
It might be possible for a malicious third party to trigger a crash in the application.
|
||||
|
||||
## Solution
|
||||
|
||||
The gst-plugins-base 1.18.4 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### GStreamer 1.18.4 release
|
||||
|
||||
- [Release Notes](/releases/1.18/#1.18.4)
|
||||
- [GStreamer Plugins Base 1.18.4](/src/gst-plugins-base/gst-plugins-base-1.18.4.tar.xz)
|
||||
|
||||
### Patches
|
||||
|
||||
- [Patch](https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/8a88e5c1db05ebadfd4569955f6f47c23cdca3c4?merge_request_iid=1066)
|
43
security-advisories/sa-2021-0002.md
Normal file
43
security-advisories/sa-2021-0002.md
Normal file
|
@ -0,0 +1,43 @@
|
|||
# Security Advisory 2021-0002 (CVE-2021-3497)
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | --- |
|
||||
| Summary | Use-after-free in matroska demuxing |
|
||||
| Date | 2021-03-15 16:00 |
|
||||
| Affected Versions | GStreamer gst-plugins-good 1.x <= 1.18.3, 0.10.x > 0.10.8 |
|
||||
| IDs | GStreamer-SA-2021-0002<br/>CVE-2021-3497 |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.
|
||||
|
||||
## Impact
|
||||
|
||||
It might be possible for a malicious third party to trigger a crash in the application, but possibly also an arbitrary code execution with the privileges of the target user.
|
||||
|
||||
## Solution
|
||||
|
||||
The gst-plugins-good 1.18.4 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### CVE Database Entries
|
||||
|
||||
- [CVE-2021-3497](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3497)
|
||||
|
||||
### GStreamer 1.18.4 release
|
||||
|
||||
- [Release Notes](/releases/1.18/#1.18.4)
|
||||
- [GStreamer Plugins Good 1.18.4](/src/gst-plugins-good/gst-plugins-good-1.18.4.tar.xz)
|
||||
|
||||
### Patches
|
||||
|
||||
- [Patch](https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/9181191511f9c0be6a89c98b311f49d66bd46dc3?merge_request_id=903)
|
43
security-advisories/sa-2021-0003.md
Normal file
43
security-advisories/sa-2021-0003.md
Normal file
|
@ -0,0 +1,43 @@
|
|||
# Security Advisory 2021-0003 (CVE-2021-3498)
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | --- |
|
||||
| Summary | Heap corruption in matroska demuxing |
|
||||
| Date | 2021-03-15 16:00 |
|
||||
| Affected Versions | GStreamer gst-plugins-good 1.x <= 1.18.3 |
|
||||
| IDs | GStreamer-SA-2021-0003<br/>CVE-2021-3498 |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.
|
||||
|
||||
## Impact
|
||||
|
||||
It might be possible for a malicious third party to trigger a crash in the application, but possibly also an arbitrary code execution with the privileges of the target user.
|
||||
|
||||
## Solution
|
||||
|
||||
The gst-plugins-good 1.18.4 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### CVE Database Entries
|
||||
|
||||
- [CVE-2021-3498](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3498)
|
||||
|
||||
### GStreamer 1.18.4 release
|
||||
|
||||
- [Release Notes](/releases/1.18/#1.18.4)
|
||||
- [GStreamer Plugins Good 1.18.4](/src/gst-plugins-good/gst-plugins-good-1.18.4.tar.xz)
|
||||
|
||||
### Patches
|
||||
|
||||
- [Patch](https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/02174790726dd20a5c73ce2002189bf240ad4fe0?merge_request_iid=903)
|
39
security-advisories/sa-2021-0004.md
Normal file
39
security-advisories/sa-2021-0004.md
Normal file
|
@ -0,0 +1,39 @@
|
|||
# Security Advisory 2021-0004
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | --- |
|
||||
| Summary | Out-of-bounds read in realmedia demuxing |
|
||||
| Date | 2021-03-15 16:00 |
|
||||
| Affected Versions | GStreamer gst-plugins-ugly 1.x <= 1.18.3 |
|
||||
| ID | GStreamer-SA-2021-0004 |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
GStreamer before 1.18.4 might do an out-of-bounds read when handling certain RealMedia files or streams.
|
||||
|
||||
## Impact
|
||||
|
||||
It might be possible for a malicious third party to trigger a crash in the application.
|
||||
|
||||
## Solution
|
||||
|
||||
The gst-plugins-ugly 1.18.4 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### GStreamer 1.18.4 release
|
||||
|
||||
- [Release Notes](/releases/1.18/#1.18.4)
|
||||
- [GStreamer Plugins Ugly 1.18.4](/src/gst-plugins-ugly/gst-plugins-ugly-1.18.4.tar.xz)
|
||||
|
||||
### Patches
|
||||
|
||||
- [Patch](https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/commit/9726aaf78e6643a5955864f444852423de58de29?merge_request_iid=75)
|
39
security-advisories/sa-2021-0005.md
Normal file
39
security-advisories/sa-2021-0005.md
Normal file
|
@ -0,0 +1,39 @@
|
|||
# Security Advisory 2021-0005
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | --- |
|
||||
| Summary | Stack overflow in gst\_ffmpeg\_channel\_layout\_to\_gst() |
|
||||
| Date | 2021-03-15 16:00 |
|
||||
| Affected Versions | GStreamer gst-libav 1.x <= 1.18.3 |
|
||||
| ID | GStreamer-SA-2021-0005 |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
GStreamer before 1.18.4 might cause stack corruptions with streams that have more than 64 audio channels.
|
||||
|
||||
## Impact
|
||||
|
||||
It might be possible for a malicious third party to trigger a crash in the application.
|
||||
|
||||
## Solution
|
||||
|
||||
The gst-libav 1.18.4 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### GStreamer 1.18.4 release
|
||||
|
||||
- [Release Notes](/releases/1.18/#1.18.4)
|
||||
- [GStreamer plugin for the FFmpeg libav* libraries 1.18.4](/src/gst-libav/gst-libav-1.18.4.tar.xz)
|
||||
|
||||
### Patches
|
||||
|
||||
- [Patch](https://gitlab.freedesktop.org/gstreamer/gst-libav/-/commit/a339f8f9641382b92b43e6d146bdc5d87a9704f8?merge_request_iid=121)
|
43
security-advisories/sa-2022-0001.md
Normal file
43
security-advisories/sa-2022-0001.md
Normal file
|
@ -0,0 +1,43 @@
|
|||
# Security Advisory 2022-0001 (CVE-2022-1921)
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | --- |
|
||||
| Summary | Heap overwrite in avi demuxing |
|
||||
| Date | 2022-06-15 23:00 |
|
||||
| Affected Versions | GStreamer gst-plugins-good 1.x < 1.20.3, 0.10.x |
|
||||
| IDs | GStreamer-SA-2022-0001<br/>CVE-2022-1921 |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
Heap-based buffer overflow in the avi demuxer when handling certain AVI files in GStreamer versions before 1.20.3.
|
||||
|
||||
## Impact
|
||||
|
||||
It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.
|
||||
|
||||
## Solution
|
||||
|
||||
The gst-plugins-good 1.20.3 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### CVE Database Entries
|
||||
|
||||
- [CVE-2022-1921](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1921)
|
||||
|
||||
### GStreamer 1.20.3 release
|
||||
|
||||
- [Release Notes](/releases/1.20/#1.20.3)
|
||||
- [GStreamer Plugins Good 1.20.3](/src/gst-plugins-good/gst-plugins-good-1.20.3.tar.xz)
|
||||
|
||||
### Patches
|
||||
|
||||
- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f503caad676971933dc0b52c4b313e5ef0d6dbb0.patch)
|
46
security-advisories/sa-2022-0002.md
Normal file
46
security-advisories/sa-2022-0002.md
Normal file
|
@ -0,0 +1,46 @@
|
|||
# Security Advisory 2022-0002 (CVE-2022-1922, CVE-2022-1923, CVE-2022-1924, CVE-2022-1925)
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | --- |
|
||||
| Summary | Potential heap overwrite in mkv demuxing using zlib/bz2/lzo decompression |
|
||||
| Date | 2022-06-15 23:00 |
|
||||
| Affected Versions | GStreamer gst-plugins-good 1.x < 1.20.3, 0.10.x |
|
||||
| IDs | GStreamer-SA-2022-0002<br/>CVE-2022-1922<br/>CVE-2022-1923<br/>CVE-2022-1924<br/>CVE-2022-1925 |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
Potential heap overwrite in the mkv demuxer when handling certain Matroska/WebM files in GStreamer versions before 1.20.3.
|
||||
|
||||
## Impact
|
||||
|
||||
It is possible for a malicious third party to trigger a crash in the application, and possibly also overwrite data on the heap.
|
||||
|
||||
## Solution
|
||||
|
||||
The gst-plugins-good 1.20.3 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### CVE Database Entries
|
||||
|
||||
- [CVE-2022-1922](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1922)
|
||||
- [CVE-2022-1923](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1923)
|
||||
- [CVE-2022-1924](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1924)
|
||||
- [CVE-2022-1925](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1925)
|
||||
|
||||
### GStreamer 1.20.3 release
|
||||
|
||||
- [Release Notes](/releases/1.20/#1.20.3)
|
||||
- [GStreamer Plugins Good 1.20.3](/src/gst-plugins-good/gst-plugins-good-1.20.3.tar.xz)
|
||||
|
||||
### Patches
|
||||
|
||||
- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966.patch)
|
43
security-advisories/sa-2022-0003.md
Normal file
43
security-advisories/sa-2022-0003.md
Normal file
|
@ -0,0 +1,43 @@
|
|||
# Security Advisory 2022-0003 (CVE-2022-2122)
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | --- |
|
||||
| Summary | Potential heap overwrite in mp4 demuxing using zlib decompression |
|
||||
| Date | 2022-06-15 23:00 |
|
||||
| Affected Versions | GStreamer gst-plugins-good 1.x < 1.20.3, 0.10.x |
|
||||
| IDs | GStreamer-SA-2022-0003<br/>CVE-2022-2122 |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
Potential heap overwrite in the qt demuxer when handling certain QuickTime/MP4 files in GStreamer versions before 1.20.3.
|
||||
|
||||
## Impact
|
||||
|
||||
It is possible for a malicious third party to trigger a crash in the application, and possibly also overwrite data on the heap.
|
||||
|
||||
## Solution
|
||||
|
||||
The gst-plugins-good 1.20.3 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### CVE Database Entries
|
||||
|
||||
- [CVE-2022-2122](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2122)
|
||||
|
||||
### GStreamer 1.20.3 release
|
||||
|
||||
- [Release Notes](/releases/1.20/#1.20.3)
|
||||
- [GStreamer Plugins Good 1.20.3](/src/gst-plugins-good/gst-plugins-good-1.20.3.tar.xz)
|
||||
|
||||
### Patches
|
||||
|
||||
- [Patch 1](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/14d306da6da51a762c4dc701d161bb52ab66d774.patch)
|
43
security-advisories/sa-2022-0004.md
Normal file
43
security-advisories/sa-2022-0004.md
Normal file
|
@ -0,0 +1,43 @@
|
|||
# Security Advisory 2022-0004 (CVE-2022-1920)
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | --- |
|
||||
| Summary | Potential heap overwrite in gst\_matroska\_demux\_add\_wvpk\_header |
|
||||
| Date | 2022-06-15 23:00 |
|
||||
| Affected Versions | GStreamer gst-plugins-good 1.x < 1.20.3, 0.10.x |
|
||||
| IDs | GStreamer-SA-2022-0004<br/>CVE-2022-1920 |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
Potential heap overwrite in the mkv demuxer when handling certain Matroska files in GStreamer versions before 1.20.3.
|
||||
|
||||
## Impact
|
||||
|
||||
It is possible for a malicious third party to overwrite data on the heap, and possibly even effect code execution.
|
||||
|
||||
## Solution
|
||||
|
||||
The gst-plugins-good 1.20.3 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### CVE Database Entries
|
||||
|
||||
- [CVE-2022-1920](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1920)
|
||||
|
||||
### GStreamer 1.20.3 release
|
||||
|
||||
- [Release Notes](/releases/1.20/#1.20.3)
|
||||
- [GStreamer Plugins Good 1.20.3](/src/gst-plugins-good/gst-plugins-good-1.20.3.tar.xz)
|
||||
|
||||
### Patches
|
||||
|
||||
- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/cf887f1b8e228bff6e19829e6d03995d70ad739d.patch)
|
48
security-advisories/sa-2023-0001.md
Normal file
48
security-advisories/sa-2023-0001.md
Normal file
|
@ -0,0 +1,48 @@
|
|||
# Security Advisory 2023-0001 (ZDI-CAN-20775, CVE-2023-37327)
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | --- |
|
||||
| Summary | Integer overflow leading to heap overwrite in FLAC image tag handling |
|
||||
| Date | 2023-06-20 18:00 |
|
||||
| Affected Versions | GStreamer gst-plugins-good 1.x < 1.22.4, 1.x < 1.20.7, 0.10.x |
|
||||
| IDs | GStreamer-SA-2023-0001<br/>ZDI-CAN-20775<br/>CVE-2023-37327 |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
Heap-based buffer overflow in the FLAC parser when handling malformed image tags in GStreamer versions before 1.22.4 / 1.20.7.
|
||||
|
||||
## Impact
|
||||
|
||||
It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.
|
||||
|
||||
## Solution
|
||||
|
||||
The gst-plugins-good 1.22.4 / 1.20.7 releases address the issue. People using older branches of GStreamer should apply the patch and recompile.
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### CVE Database Entries
|
||||
|
||||
- [CVE-2023-37327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37327)
|
||||
|
||||
### GStreamer 1.22.4 release
|
||||
|
||||
- [Release Notes](/releases/1.22/#1.22.4)
|
||||
- [GStreamer Plugins Good 1.22.4](/src/gst-plugins-good/gst-plugins-good-1.22.4.tar.xz)
|
||||
|
||||
### GStreamer 1.20.7 release
|
||||
|
||||
- [Release Notes](/releases/1.20/#1.20.7)
|
||||
- [GStreamer Plugins Good 1.20.7](/src/gst-plugins-good/gst-plugins-good-1.20.7.tar.xz)
|
||||
|
||||
### Patches
|
||||
|
||||
- [Patches](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4894.patch)
|
48
security-advisories/sa-2023-0002.md
Normal file
48
security-advisories/sa-2023-0002.md
Normal file
|
@ -0,0 +1,48 @@
|
|||
# Security Advisory 2023-0002 (ZDI-CAN-20968, CVE-2023-37328)
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | --- |
|
||||
| Summary | Heap overwrite in subtitle parsing |
|
||||
| Date | 2023-06-20 18:00 |
|
||||
| Affected Versions | GStreamer gst-plugins-base 1.x < 1.22.4, 1.x < 1.20.7, 0.10.x |
|
||||
| IDs | GStreamer-SA-2023-0002<br/>ZDI-CAN-20968<br/>CVE-2023-37328 |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
Heap-based buffer overflow in the subparse subtitle parser when handling certain SRT subtitle files in GStreamer versions before 1.22.4 / 1.20.7.
|
||||
|
||||
## Impact
|
||||
|
||||
It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.
|
||||
|
||||
## Solution
|
||||
|
||||
The gst-plugins-base 1.22.4 / 1.20.7 releases address the issue. People using older branches of GStreamer should apply the patch and recompile.
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### CVE Database Entries
|
||||
|
||||
- [CVE-2023-37328](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37328)
|
||||
|
||||
### GStreamer 1.22.4 release
|
||||
|
||||
- [Release Notes](/releases/1.22/#1.22.4)
|
||||
- [GStreamer Plugins Base 1.22.4](/src/gst-plugins-base/gst-plugins-base-1.22.4.tar.xz)
|
||||
|
||||
### GStreamer 1.20.7 release
|
||||
|
||||
- [Release Notes](/releases/1.20/#1.20.7)
|
||||
- [GStreamer Plugins Base 1.20.7](/src/gst-plugins-base/gst-plugins-base-1.20.7.tar.xz)
|
||||
|
||||
### Patches
|
||||
|
||||
- [Patches](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4895.patch)
|
48
security-advisories/sa-2023-0003.md
Normal file
48
security-advisories/sa-2023-0003.md
Normal file
|
@ -0,0 +1,48 @@
|
|||
# Security Advisory 2023-0003 (ZDI-CAN-20994, CVE-2023-37329)
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | --- |
|
||||
| Summary | Heap overwrite in PGS subtitle overlay decoder |
|
||||
| Date | 2023-06-20 18:00 |
|
||||
| Affected Versions | GStreamer gst-plugins-bad 1.x < 1.22.4, 1.x < 1.20.7, 0.10.x |
|
||||
| IDs | GStreamer-SA-2023-0003<br/>ZDI-CAN-20994<br/>CVE-2023-37329 |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
Heap-based buffer overflow in the PGS blu-ray subtitle decoder when handling certain files in GStreamer versions before 1.22.4 / 1.20.7.
|
||||
|
||||
## Impact
|
||||
|
||||
It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.
|
||||
|
||||
## Solution
|
||||
|
||||
The gst-plugins-bad 1.22.4 / 1.20.7 releases address the issue. People using older branches of GStreamer should apply the patch and recompile.
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### CVE Database Entries
|
||||
|
||||
- [CVE-2023-37329](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37329)
|
||||
|
||||
### GStreamer 1.22.4 release
|
||||
|
||||
- [Release Notes](/releases/1.22/#1.22.4)
|
||||
- [GStreamer Plugins Bad 1.22.4](/src/gst-plugins-bad/gst-plugins-bad-1.22.4.tar.xz)
|
||||
|
||||
### GStreamer 1.20.7 release
|
||||
|
||||
- [Release Notes](/releases/1.20/#1.20.7)
|
||||
- [GStreamer Plugins Bad 1.20.7](/src/gst-plugins-bad/gst-plugins-bad-1.20.7.tar.xz)
|
||||
|
||||
### Patches
|
||||
|
||||
- [Patches](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4896.patch)
|
44
security-advisories/sa-2023-0004.md
Normal file
44
security-advisories/sa-2023-0004.md
Normal file
|
@ -0,0 +1,44 @@
|
|||
# Security Advisory 2023-0004 (ZDI-CAN-21443)
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | --- |
|
||||
| Summary | Integer overflow leading to heap overwrite in RealMedia file handling |
|
||||
| Date | 2023-07-20 14:00 |
|
||||
| Affected Versions | GStreamer gst-plugins-ugly 1.x < 1.22.5, 1.x < 1.20.7, 0.10.x |
|
||||
| IDs | GStreamer-SA-2023-0004<br/>ZDI-CAN-21443 |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
Heap-based buffer overflow in the RealMedia file demuxer when handling malformed files in GStreamer versions before 1.22.5 / 1.20.7.
|
||||
|
||||
## Impact
|
||||
|
||||
It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.
|
||||
|
||||
## Solution
|
||||
|
||||
The gst-plugins-ugly 1.22.5 / 1.20.7 releases address the issue. People using older branches of GStreamer should apply the patch and recompile.
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### GStreamer 1.22.5 release
|
||||
|
||||
- [Release Notes](/releases/1.22/#1.22.5)
|
||||
- [GStreamer Plugins Ugly 1.22.5](/src/gst-plugins-ugly/gst-plugins-ugly-1.22.5.tar.xz)
|
||||
|
||||
### GStreamer 1.20.7 release
|
||||
|
||||
- [Release Notes](/releases/1.20/#1.20.7)
|
||||
- [GStreamer Plugins Ugly 1.20.7](/src/gst-plugins-ugly/gst-plugins-ugly-1.20.7.tar.xz)
|
||||
|
||||
### Patches
|
||||
|
||||
- [Patches](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5072.patch)
|
44
security-advisories/sa-2023-0005.md
Normal file
44
security-advisories/sa-2023-0005.md
Normal file
|
@ -0,0 +1,44 @@
|
|||
# Security Advisory 2023-0005 (ZDI-CAN-21444)
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | --- |
|
||||
| Summary | Integer overflow leading to heap overwrite in RealMedia file handling |
|
||||
| Date | 2023-07-20 14:00 |
|
||||
| Affected Versions | GStreamer gst-plugins-ugly 1.x < 1.22.5, 1.x < 1.20.7, 0.10.x |
|
||||
| IDs | GStreamer-SA-2023-0005<br/>ZDI-CAN-21444 |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
Heap-based buffer overflow in the RealMedia file demuxer when handling malformed files in GStreamer versions before 1.22.5 / 1.20.7.
|
||||
|
||||
## Impact
|
||||
|
||||
It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.
|
||||
|
||||
## Solution
|
||||
|
||||
The gst-plugins-ugly 1.22.5 / 1.20.7 releases address the issue. People using older branches of GStreamer should apply the patch and recompile.
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### GStreamer 1.22.5 release
|
||||
|
||||
- [Release Notes](/releases/1.22/#1.22.5)
|
||||
- [GStreamer Plugins Ugly 1.22.5](/src/gst-plugins-ugly/gst-plugins-ugly-1.22.5.tar.xz)
|
||||
|
||||
### GStreamer 1.20.7 release
|
||||
|
||||
- [Release Notes](/releases/1.20/#1.20.7)
|
||||
- [GStreamer Plugins Ugly 1.20.7](/src/gst-plugins-ugly/gst-plugins-ugly-1.20.7.tar.xz)
|
||||
|
||||
### Patches
|
||||
|
||||
- [Patches](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5072.patch)
|
43
security-advisories/sa-2023-0006.md
Normal file
43
security-advisories/sa-2023-0006.md
Normal file
|
@ -0,0 +1,43 @@
|
|||
# Security Advisory 2023-0006 (ZDI-CAN-21660, CVE-2023-40474)
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | --- |
|
||||
| Summary | Integer overflow leading to heap overwrite in MXF file handling with uncompressed video |
|
||||
| Date | 2023-09-20 20:00 |
|
||||
| Affected Versions | GStreamer gst-plugins-bad < 1.22.6 |
|
||||
| IDs | GStreamer-SA-2023-0006<br/>ZDI-CAN-21660<br/>CVE-2023-40474 |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
Heap-based buffer overflow in the MXF file demuxer when handling malformed files with uncompressed video in GStreamer versions before 1.22.6
|
||||
|
||||
## Impact
|
||||
|
||||
It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.
|
||||
|
||||
## Solution
|
||||
|
||||
The gst-plugins-bad 1.22.6 releases address the issue. People using older branches of GStreamer should apply the patch and recompile.
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### CVE Database Entries
|
||||
|
||||
- [CVE-2023-40474](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40474)
|
||||
|
||||
### GStreamer 1.22.6 release
|
||||
|
||||
- [Release Notes](/releases/1.22/#1.22.6)
|
||||
- [GStreamer Plugins Bad 1.22.6](/src/gst-plugins-bad/gst-plugins-bad-1.22.6.tar.xz)
|
||||
|
||||
### Patches
|
||||
|
||||
- [Patches](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5362.patch) (includes patch for SA-2023-0007 / ZDI-CAN-21661 / CVE-2023-40475)
|
43
security-advisories/sa-2023-0007.md
Normal file
43
security-advisories/sa-2023-0007.md
Normal file
|
@ -0,0 +1,43 @@
|
|||
# Security Advisory 2023-0007 (ZDI-CAN-21661, CVE-2023-40475)
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | --- |
|
||||
| Summary | Integer overflow leading to heap overwrite in MXF file handling with AES3 audio |
|
||||
| Date | 2023-09-20 20:00 |
|
||||
| Affected Versions | GStreamer gst-plugins-bad < 1.22.6 |
|
||||
| IDs | GStreamer-SA-2023-0007<br/>ZDI-CAN-21661<br/>CVE-2023-40475 |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
Heap-based buffer overflow in the MXF file demuxer when handling malformed files with AES3 audio in GStreamer versions before 1.22.6
|
||||
|
||||
## Impact
|
||||
|
||||
It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.
|
||||
|
||||
## Solution
|
||||
|
||||
The gst-plugins-bad 1.22.6 releases address the issue. People using older branches of GStreamer should apply the patch and recompile.
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### CVE Database Entries
|
||||
|
||||
- [CVE-2023-40475](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40475)
|
||||
|
||||
### GStreamer 1.22.6 release
|
||||
|
||||
- [Release Notes](/releases/1.22/#1.22.6)
|
||||
- [GStreamer Plugins Bad 1.22.6](/src/gst-plugins-bad/gst-plugins-bad-1.22.6.tar.xz)
|
||||
|
||||
### Patches
|
||||
|
||||
- [Patches](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5362.patch) (includes patch for SA-2023-0006 / ZDI-CAN-21660 / CVE-2023-40474)
|
43
security-advisories/sa-2023-0008.md
Normal file
43
security-advisories/sa-2023-0008.md
Normal file
|
@ -0,0 +1,43 @@
|
|||
# Security Advisory 2023-0008 (ZDI-CAN-21768, CVE-2023-40476)
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | --- |
|
||||
| Summary | Integer overflow in H.265 video parser leading to stack overwrite |
|
||||
| Date | 2023-09-20 20:00 |
|
||||
| Affected Versions | GStreamer gst-plugins-bad < 1.22.6 |
|
||||
| IDs | GStreamer-SA-2023-0008<br/>ZDI-CAN-21768<br/>CVE-2023-40476 |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
Stack-based buffer overflow in the H.265 video parser when handling malformed H.265 video streams in GStreamer versions before 1.22.6
|
||||
|
||||
## Impact
|
||||
|
||||
It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through stack manipulation.
|
||||
|
||||
## Solution
|
||||
|
||||
The gst-plugins-bad 1.22.6 releases address the issue. People using older branches of GStreamer should apply the patch and recompile.
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### CVE Database Entries
|
||||
|
||||
- [CVE-2023-40476](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40476)
|
||||
|
||||
### GStreamer 1.22.6 release
|
||||
|
||||
- [Release Notes](/releases/1.22/#1.22.6)
|
||||
- [GStreamer Plugins Bad 1.22.6](/src/gst-plugins-bad/gst-plugins-bad-1.22.6.tar.xz)
|
||||
|
||||
### Patches
|
||||
|
||||
- [Patches](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5364.patch)
|
43
security-advisories/sa-2023-0009.md
Normal file
43
security-advisories/sa-2023-0009.md
Normal file
|
@ -0,0 +1,43 @@
|
|||
# Security Advisory 2023-0009 (ZDI-CAN-22226, CVE-2023-44429)
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | --- |
|
||||
| Summary | AV1 codec parser buffer overflow |
|
||||
| Date | 2023-11-13 12:00 |
|
||||
| Affected Versions | GStreamer gst-plugins-bad < 1.22.7 |
|
||||
| IDs | GStreamer-SA-2023-0009<br/>ZDI-CAN-22226<br/>CVE-2023-44429 |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
Heap-based buffer overflow in the AV1 codec parser when handling certain malformed streams before GStreamer 1.22.7
|
||||
|
||||
## Impact
|
||||
|
||||
It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.
|
||||
|
||||
## Solution
|
||||
|
||||
The gst-plugins-bad 1.22.7 releases address the issue. People using older branches of GStreamer should apply the patch and recompile.
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### CVE Database Entries
|
||||
|
||||
- [CVE-2023-44429](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44429)
|
||||
|
||||
### GStreamer 1.22.7 release
|
||||
|
||||
- [Release Notes](/releases/1.22/#1.22.7)
|
||||
- [GStreamer Plugins Bad 1.22.7](/src/gst-plugins-bad/gst-plugins-bad-1.22.7.tar.xz)
|
||||
|
||||
### Patches
|
||||
|
||||
- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5634.patch)
|
43
security-advisories/sa-2023-0010.md
Normal file
43
security-advisories/sa-2023-0010.md
Normal file
|
@ -0,0 +1,43 @@
|
|||
# Security Advisory 2023-0010 (ZDI-CAN-22299, CVE-2023-44446)
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | --- |
|
||||
| Summary | MXF demuxer use-after-free |
|
||||
| Date | 2023-11-13 12:00 |
|
||||
| Affected Versions | GStreamer gst-plugins-bad < 1.22.7 |
|
||||
| IDs | GStreamer-SA-2023-0010<br/>ZDI-CAN-22299<br/>CVE-2023-44446 |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
Use-after-free (read) in the MXF demuxer when handling certain files before GStreamer 1.22.7
|
||||
|
||||
## Impact
|
||||
|
||||
It is possible for a malicious third party to trigger a crash in the application.
|
||||
|
||||
## Solution
|
||||
|
||||
The gst-plugins-bad 1.22.7 releases address the issue. People using older branches of GStreamer should apply the patch and recompile.
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### CVE Database Entries
|
||||
|
||||
- [CVE-2023-44446](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44446)
|
||||
|
||||
### GStreamer 1.22.7 release
|
||||
|
||||
- [Release Notes](/releases/1.22/#1.22.7)
|
||||
- [GStreamer Plugins Bad 1.22.7](/src/gst-plugins-bad/gst-plugins-bad-1.22.7.tar.xz)
|
||||
|
||||
### Patches
|
||||
|
||||
- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5635.patch)
|
38
security-advisories/sa-2023-0011.md
Normal file
38
security-advisories/sa-2023-0011.md
Normal file
|
@ -0,0 +1,38 @@
|
|||
# Security Advisory 2023-0011 (ZDI-CAN-22300)
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | --- |
|
||||
| Summary | AV1 codec parser buffer overflow |
|
||||
| Date | 2023-12-18 14:00 |
|
||||
| Affected Versions | GStreamer gst-plugins-bad < 1.22.8 |
|
||||
| IDs | GStreamer-SA-2023-0011<br/>ZDI-CAN-22300<br/>CVE-2023-50186 |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
Heap-based buffer overflow in the AV1 codec parser when handling certain malformed streams before GStreamer 1.22.8
|
||||
|
||||
## Impact
|
||||
|
||||
It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.
|
||||
|
||||
## Solution
|
||||
|
||||
The gst-plugins-bad 1.22.8 releases address the issue. People using older branches of GStreamer should apply the patch and recompile.
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### GStreamer 1.22.8 release
|
||||
|
||||
- [Release Notes](/releases/1.22/#1.22.8)
|
||||
- [GStreamer Plugins Bad 1.22.8](/src/gst-plugins-bad/gst-plugins-bad-1.22.8.tar.xz)
|
||||
|
||||
### Patches
|
||||
- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5823.patch)
|
45
security-advisories/sa-2024-0001.md
Normal file
45
security-advisories/sa-2024-0001.md
Normal file
|
@ -0,0 +1,45 @@
|
|||
# Security Advisory 2024-0001 (ZDI-CAN-22873, CVE-2024-0444)
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | --- |
|
||||
| Summary | AV1 codec parser potential buffer overflow during tile list parsing |
|
||||
| Date | 2024-01-24 20:00 |
|
||||
| Affected Versions | GStreamer gst-plugins-bad < 1.22.9 |
|
||||
| IDs | GStreamer-SA-2024-0001<br/>ZDI-CAN-22873<br/>CVE-2024-0444 |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
Heap-based buffer overflow in the AV1 codec parser when handling certain malformed streams before GStreamer 1.22.9.
|
||||
|
||||
## Impact
|
||||
|
||||
It is possible for a malicious third party to trigger a crash in the application,
|
||||
and possibly also effect code execution through heap manipulation.
|
||||
|
||||
## Solution
|
||||
|
||||
The gst-plugins-bad 1.22.9 releases address the issue.
|
||||
People using older branches of GStreamer should apply the patch and recompile.
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### CVE Database Entries
|
||||
|
||||
- [CVE-2024-0444](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0444)
|
||||
|
||||
### GStreamer 1.22.9 release
|
||||
|
||||
- [Release notes](/releases/1.22/#1.22.9)
|
||||
- [GStreamer Plugins Bad 1.22.9](/src/gst-plugins-bad/gst-plugins-bad-1.22.9.tar.xz)
|
||||
|
||||
### Patches
|
||||
|
||||
- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5970.patch)
|
52
security-advisories/sa-2024-0002.md
Normal file
52
security-advisories/sa-2024-0002.md
Normal file
|
@ -0,0 +1,52 @@
|
|||
# Security Advisory 2024-0002 (ZDI-CAN-23896, CVE-2024-4453)
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | --- |
|
||||
| Summary | Integer overflow in EXIF metadata parser leading to potential heap overwrite |
|
||||
| Date | 2024-04-29 20:00 |
|
||||
| Affected Versions | GStreamer gst-plugins-base < 1.24.3, gst-plugins-base < 1.22.12 |
|
||||
| IDs | GStreamer-SA-2024-0002<br/>ZDI-CAN-23896<br/>CVE-2024-4453 |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
Heap-based buffer overflow in the EXIF image tag parser when handling certain malformed streams before GStreamer 1.24.3 or 1.22.12.
|
||||
|
||||
## Impact
|
||||
|
||||
It is possible for a malicious third party to trigger a crash in the application,
|
||||
and possibly also effect code execution through heap manipulation.
|
||||
|
||||
## Solution
|
||||
|
||||
The gst-plugins-base 1.24.3 and 1.22.12 releases address the issue.
|
||||
People using older branches of GStreamer should apply the patch and recompile.
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### CVE Database Entries
|
||||
|
||||
- [CVE-2024-4453](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4453)
|
||||
|
||||
### GStreamer releases
|
||||
|
||||
#### 1.24 (current stable)
|
||||
|
||||
- [GStreamer 1.24.3 release notes](/releases/1.24/#1.24.3)
|
||||
- [GStreamer Plugins Base 1.24.3](/src/gst-plugins-base/gst-plugins-base-1.24.3.tar.xz)
|
||||
|
||||
#### 1.22 (old stable)
|
||||
|
||||
- [GStreamer 1.22.12 release notes](/releases/1.22/#1.22.12)
|
||||
- [GStreamer Plugins Base 1.22.12](/src/gst-plugins-base/gst-plugins-base-1.22.12.tar.xz)
|
||||
|
||||
### Patches
|
||||
|
||||
- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/6766.patch)
|
50
security-advisories/sa-2024-0003.md
Normal file
50
security-advisories/sa-2024-0003.md
Normal file
|
@ -0,0 +1,50 @@
|
|||
# Security Advisory 2024-0003 (JVN#02030803, JPCERT#92912620, CVE-2024-40897)
|
||||
|
||||
<div class="vertical-table">
|
||||
|
||||
| | |
|
||||
| ----------------- | --- |
|
||||
| Summary | Orc compiler stack-based buffer overflow |
|
||||
| Date | 2024-07-19 12:30 |
|
||||
| Affected Versions | orc < 0.4.39 |
|
||||
| IDs | GStreamer-SA-2024-0003<br/>JVN#02030803 / JPCERT#92912620<br/>CVE-2024-40897 |
|
||||
|
||||
</div>
|
||||
|
||||
## Details
|
||||
|
||||
Stack-based buffer overflow in the Orc compiler when formatting error messages for certain input files.
|
||||
|
||||
## Impact
|
||||
|
||||
It is possible for a malicious third party to trigger a buffer overflow and
|
||||
effect code execution with the same privileges as the orc compiler is called
|
||||
with by feeding it with malformed orc source files.
|
||||
|
||||
This only affects developers and CI environments using orcc, not users of liborc.
|
||||
|
||||
## Solution
|
||||
|
||||
The Orc 0.4.39 release address the issue.
|
||||
People using older branches of Orc should apply the patches and recompile.
|
||||
|
||||
## References
|
||||
|
||||
### The GStreamer project
|
||||
|
||||
- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
|
||||
|
||||
### CVE Database Entries
|
||||
|
||||
- [CVE-2024-40897](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40897)
|
||||
|
||||
### GStreamer Orc releases
|
||||
|
||||
#### 0.4.39
|
||||
|
||||
- [Orc 0.4.39 release notes](https://discourse.gstreamer.org/t/orc-0-4-39-release/1969)
|
||||
- [Orc 0.4.39 tarball (.tar.xz)](/src/orc/orc-0.4.39.tar.xz)
|
||||
|
||||
### Patches
|
||||
|
||||
- [Patch](https://gitlab.freedesktop.org/gstreamer/orc/-/merge_requests/191.patch)
|
Loading…
Reference in a new issue