CVE-2023-40475
Published: 28 September 2023
[Integer overflow leading to heap overwrite in MXF file handling with AES3 audio]
Priority
Status
| Package | Release | Status |
|---|---|---|
|
gst-plugins-bad0.10 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support)
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
| noble |
Does not exist
|
|
| trusty |
Needed
|
|
| upstream |
Needed
|
|
| xenial |
Ignored
(end of standard support)
|
|
|
gst-plugins-bad1.0 Launchpad, Ubuntu, Debian |
bionic |
Needed
|
| focal |
Released
(1.16.3-0ubuntu1.1)
|
|
| jammy |
Released
(1.20.3-0ubuntu1.1)
|
|
| lunar |
Released
(1.22.1-1ubuntu1.1)
|
|
| mantic |
Released
(1.22.4-1ubuntu1.1)
|
|
| noble |
Pending
(1.22.4-1ubuntu2)
|
|
| trusty |
Needed
|
|
| upstream |
Released
(1.22.6)
|
|
| xenial |
Needed
|
|
|
Patches: upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/72742dee30cce7bf909639f82de119871566ce39 upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1edd1c38dcc5d27e7c5649d999ee8278872a16d4 |
||
References
- https://gstreamer.freedesktop.org/security/sa-2023-0007.html
- https://www.zerodayinitiative.com/advisories/ZDI-23-1457/
- https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5362
- https://ubuntu.com/security/notices/USN-6526-1
- https://www.cve.org/CVERecord?id=CVE-2023-40475
- NVD
- Launchpad
- Debian