mirror of https://gitlab.freedesktop.org/gstreamer/gstreamer.git synced 2024-11-21 17:21:13 +00:00

Tim-Philipp Müller 95ca7014c8 security-advisories: import from www module

Ship these also as part of the monorepo, so we can prepare
new advisories as part of the relevant merge requests in
the private gstreamer-security repository.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7610>

2024-10-04 19:18:45 +00:00

1.4 KiB

Raw Permalink Blame History

Security Advisory 2024-0003 (JVN#02030803, JPCERT#92912620, CVE-2024-40897)


Summary	Orc compiler stack-based buffer overflow
Date	2024-07-19 12:30
Affected Versions	orc < 0.4.39
IDs	GStreamer-SA-2024-0003 JVN#02030803 / JPCERT#92912620 CVE-2024-40897

Details

Stack-based buffer overflow in the Orc compiler when formatting error messages for certain input files.

Impact

It is possible for a malicious third party to trigger a buffer overflow and effect code execution with the same privileges as the orc compiler is called with by feeding it with malformed orc source files.

This only affects developers and CI environments using orcc, not users of liborc.

Solution

The Orc 0.4.39 release address the issue. People using older branches of Orc should apply the patches and recompile.

1.4 KiB

Raw Permalink Blame History

Security Advisory 2024-0003 (JVN#02030803, JPCERT#92912620, CVE-2024-40897)

Details

Impact

Solution

References

The GStreamer project

CVE Database Entries

GStreamer Orc releases

0.4.39

Patches

1.4 KiB Raw Permalink Blame History

Security Advisory 2024-0003 (JVN#02030803, JPCERT#92912620, CVE-2024-40897)

Details

Impact

Solution

References

The GStreamer project

CVE Database Entries

GStreamer Orc releases

0.4.39

Patches

1.4 KiB

Raw Permalink Blame History