Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2023-37327

Published: 31 July 2023

Integer overflow leading to heap overwrite in FLAC image tag handling

Notes

AuthorNote
mdeslaur
Two patches are required to fix this CVE. Main patch is in
the "good" package, and second patch is in the "base" package.

Priority

Medium

Status

Package Release Status
gst-plugins-good0.10
Launchpad, Ubuntu, Debian
trusty Ignored
(end of standard support)
xenial Needs triage

bionic Ignored
(end of standard support)
focal Does not exist

jammy Does not exist

lunar Does not exist

upstream Needs triage

mantic Does not exist

gst-plugins-good1.0
Launchpad, Ubuntu, Debian
trusty Ignored
(end of standard support)
xenial Needs triage

bionic Needs triage

upstream
Released (1.22.4-1)
focal
Released (1.16.3-0ubuntu1.2)
jammy
Released (1.20.3-0ubuntu1.1)
lunar
Released (1.22.1-1ubuntu1.2)
mantic Not vulnerable
(1.22.4-1ubuntu2)
Patches:

upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/bdc8021c73c16c49d594579c606a4f4771a2670e
gst-plugins-base0.10
Launchpad, Ubuntu, Debian
trusty Ignored
(end of standard support)
xenial Needs triage

bionic Ignored
(end of standard support)
focal Does not exist

jammy Does not exist

lunar Does not exist

upstream Needs triage

mantic Does not exist

gst-plugins-base1.0
Launchpad, Ubuntu, Debian
trusty Ignored
(end of standard support)
xenial Needs triage

bionic Needs triage

upstream
Released (1.22.4-1)
focal
Released (1.16.3-0ubuntu1.2)
jammy
Released (1.20.1-1ubuntu0.1)
lunar
Released (1.22.1-1ubuntu1.1)
mantic Not vulnerable
(1.22.4-1)
Patches:
upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/7bcd791fabe03b9ab1c72f494fc86cd0c06c3556