CVE-2023-40475
Published: 28 September 2023
[Integer overflow leading to heap overwrite in MXF file handling with AES3 audio]
Priority
Status
Package | Release | Status |
---|---|---|
gst-plugins-bad0.10 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
lunar |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
trusty |
Needed
|
|
upstream |
Needed
|
|
xenial |
Ignored
(end of standard support)
|
|
gst-plugins-bad1.0 Launchpad, Ubuntu, Debian |
bionic |
Needed
|
focal |
Released
(1.16.3-0ubuntu1.1)
|
|
jammy |
Released
(1.20.3-0ubuntu1.1)
|
|
lunar |
Released
(1.22.1-1ubuntu1.1)
|
|
mantic |
Released
(1.22.4-1ubuntu1.1)
|
|
noble |
Pending
(1.22.4-1ubuntu2)
|
|
trusty |
Needed
|
|
upstream |
Released
(1.22.6)
|
|
xenial |
Needed
|
|
Patches: upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/72742dee30cce7bf909639f82de119871566ce39 upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1edd1c38dcc5d27e7c5649d999ee8278872a16d4 |
References
- https://gstreamer.freedesktop.org/security/sa-2023-0007.html
- https://www.zerodayinitiative.com/advisories/ZDI-23-1457/
- https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5362
- https://ubuntu.com/security/notices/USN-6526-1
- https://www.cve.org/CVERecord?id=CVE-2023-40475
- NVD
- Launchpad
- Debian