CVE-2023-50186

EUVD-2023-55008

03.05.2024, 03:16

GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

The specific flaw exists within the parsing of metadata within AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22300.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 92%

Affected Products (NVD)

Vendor	Product	Version
gstreamer	gstreamer	𝑥 < 1.22.8

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
gstreamer_project	gstreamer	𝑥 < 1.22.8	ADP

Debian Releases

Debian Product

Codename

gst-plugins-bad1.0

bookworm	1.22.0-4+deb12u5 fixed
bookworm (security)	1.22.0-4+deb12u5 fixed
bullseye	1.18.4-3+deb11u4 not-affected
bullseye (security)	1.18.4-3+deb11u4 fixed
buster	not-affected
sid	1.24.10-2 fixed
trixie	1.24.10-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

gst-plugins-bad0.10

focal	dne
jammy	dne
mantic	dne
noble	dne
oracular	dne
trusty	ignored

gst-plugins-bad1.0

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
mantic	ignored
noble	not-affected
oracular	not-affected
trusty	ignored
xenial	needs-triage

openSUSE / SLES Releases

openSUSE Product

Release

gstreamer-plugins-bad

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

gstreamer-plugins-bad-chromaprint

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

gstreamer-plugins-bad-devel

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

gstreamer-plugins-bad-lang

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

libgstadaptivedemux-1_0-0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

libgstbadaudio-1_0-0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

libgstbasecamerabinsrc-1_0-0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

libgstcodecparsers-1_0-0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

libgstcodecs-1_0-0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

libgstcuda-1_0-0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

libgstinsertbin-1_0-0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

libgstisoff-1_0-0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

libgstmpegts-1_0-0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

libgstphotography-1_0-0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

libgstplay-1_0-0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

libgstplayer-1_0-0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

libgstsctp-1_0-0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

libgsttranscoder-1_0-0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

libgsturidownloader-1_0-0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

libgstva-1_0-0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

libgstvulkan-1_0-0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

libgstwayland-1_0-0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

libgstwebrtc-1_0-0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

libgstwebrtcnice-1_0-0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

libvpl

suse enterprise desktop 15 SP5	2023.0.0-150500.3.2.1 fixed
suse enterprise desktop 15 SP6	2023.0.0-150500.3.2.1 fixed
suse enterprise sap 15 SP5	2023.0.0-150500.3.2.1 fixed
suse enterprise sap 15 SP6	2023.0.0-150500.3.2.1 fixed
suse enterprise server 15 SP5	2023.0.0-150500.3.2.1 fixed
suse enterprise server 15 SP6	2023.0.0-150500.3.2.1 fixed

libvpl-devel

suse enterprise desktop 15 SP5	2023.0.0-150500.3.2.1 fixed
suse enterprise desktop 15 SP6	2023.0.0-150500.3.2.1 fixed
suse enterprise sap 15 SP5	2023.0.0-150500.3.2.1 fixed
suse enterprise sap 15 SP6	2023.0.0-150500.3.2.1 fixed
suse enterprise server 15 SP5	2023.0.0-150500.3.2.1 fixed
suse enterprise server 15 SP6	2023.0.0-150500.3.2.1 fixed

libvpl2

suse enterprise desktop 15 SP5	2023.0.0-150500.3.2.1 fixed
suse enterprise desktop 15 SP6	2023.0.0-150500.3.2.1 fixed
suse enterprise sap 15 SP5	2023.0.0-150500.3.2.1 fixed
suse enterprise sap 15 SP6	2023.0.0-150500.3.2.1 fixed
suse enterprise server 15 SP5	2023.0.0-150500.3.2.1 fixed
suse enterprise server 15 SP6	2023.0.0-150500.3.2.1 fixed

typelib-1_0-CudaGst-1_0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

typelib-1_0-GstBadAudio-1_0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

typelib-1_0-GstCodecs-1_0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

typelib-1_0-GstCuda-1_0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

typelib-1_0-GstInsertBin-1_0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

typelib-1_0-GstMpegts-1_0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

typelib-1_0-GstPlay-1_0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

typelib-1_0-GstPlayer-1_0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

typelib-1_0-GstVa-1_0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

typelib-1_0-GstWebRTC-1_0

suse enterprise desktop 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise sap 15 SP5	1.22.0-150500.3.25.2 fixed
suse enterprise server 15 SP4	1.20.1-150400.3.23.2 fixed
suse enterprise server 15 SP5	1.22.0-150500.3.25.2 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

gstreamer1-plugins-bad-free

RHEL 9

0:1.22.1-4.el9

fixed

gstreamer1-plugins-bad-free-devel

RHEL 9

0:1.22.1-4.el9

fixed

Common Weakness Enumeration

References

https://gstreamer.freedesktop.org/security/sa-2023-0011.html

https://www.zerodayinitiative.com/advisories/ZDI-24-368/

https://gstreamer.freedesktop.org/security/sa-2023-0011.html

https://www.zerodayinitiative.com/advisories/ZDI-24-368/