Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2023-37327

Published: 31 July 2023

Integer overflow leading to heap overwrite in FLAC image tag handling

Notes

AuthorNote
mdeslaur 
Two patches are required to fix this CVE. Main patch is in
the "good" package, and second patch is in the "base" package.

Priority

Medium

Status

Package Release Status
gst-plugins-good0.10
Launchpad, Ubuntu, Debian 		trusty Ignored
(end of standard support)
xenial Needs triage

bionic Ignored
(end of standard support)
focal Does not exist

jammy Does not exist

lunar Does not exist

upstream Needs triage

gst-plugins-good1.0
Launchpad, Ubuntu, Debian 		trusty Ignored
(end of standard support)
xenial Needs triage

bionic Needs triage

upstream
Released (1.22.4-1)
focal
Released (1.16.3-0ubuntu1.2)
jammy
Released (1.20.3-0ubuntu1.1)
lunar
Released (1.22.1-1ubuntu1.2)
Patches:

upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/bdc8021c73c16c49d594579c606a4f4771a2670e
gst-plugins-base0.10
Launchpad, Ubuntu, Debian 		trusty Ignored
(end of standard support)
xenial Needs triage

bionic Ignored
(end of standard support)
focal Does not exist

jammy Does not exist

lunar Does not exist

upstream Needs triage

gst-plugins-base1.0
Launchpad, Ubuntu, Debian 		trusty Ignored
(end of standard support)
xenial Needs triage

bionic Needs triage

focal
Released (1.16.3-0ubuntu1.2)
jammy
Released (1.20.1-1ubuntu0.1)
lunar
Released (1.22.1-1ubuntu1.1)
upstream
Released (1.22.4-1)
Patches:
upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/7bcd791fabe03b9ab1c72f494fc86cd0c06c3556

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading