CVE-2023-37328

EUVD-2023-41232

03.05.2024, 02:15

GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

The specific flaw exists within the parsing of PGS subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
. Was ZDI-CAN-20994.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
gstreamer	gstreamer	𝑥 < 1.20.7
gstreamer	gstreamer	1.22.0 ≤ 𝑥 < 1.22.4

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
gstreamer	gstreamer	1.x ≤ 𝑥 < 1.22.4	ADP
gstreamer	gstreamer	1.x ≤ 𝑥 < 1.20.7	ADP

Debian Releases

Debian Product

Codename

gst-plugins-base1.0

bookworm	1.22.0-3+deb12u2 fixed
bookworm (security)	1.22.0-3+deb12u3 fixed
bullseye	1.18.4-2+deb11u2 fixed
bullseye (security)	1.18.4-2+deb11u3 fixed
sid	1.24.10-1 fixed
trixie	1.24.10-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

gst-plugins-base0.10

bionic	ignored
focal	dne
jammy	dne
lunar	dne
mantic	dne
noble	dne
oracular	dne
trusty	ignored
xenial	needs-triage

gst-plugins-base1.0

bionic	needs-triage
focal	Fixed 1.16.3-0ubuntu1.2 released
jammy	Fixed 1.20.1-1ubuntu0.1 released
lunar	Fixed 1.22.1-1ubuntu1.1 released
mantic	not-affected
noble	not-affected
oracular	not-affected
trusty	ignored
xenial	needs-triage

Common Weakness Enumeration

CWE-122 - Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References

https://gstreamer.freedesktop.org/security/sa-2023-0003.html

https://www.zerodayinitiative.com/advisories/ZDI-23-901/

https://gstreamer.freedesktop.org/security/sa-2023-0003.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGQEFZ6ZB3C2XU4JQD3IAFMQIN456W2D/

https://www.zerodayinitiative.com/advisories/ZDI-23-901/