CVE-2023-40476
Published: 28 September 2023
[Integer overflow in H.265 video parser leading to stack overwrite]
Priority
Status
Package | Release | Status |
---|---|---|
gst-plugins-bad0.10 (Launchpad, Ubuntu, Debian) | bionic | Ignored (end of standard support) |
gst-plugins-bad0.10 | focal | Does not exist |
gst-plugins-bad0.10 | jammy | Does not exist |
gst-plugins-bad0.10 | lunar | Does not exist |
gst-plugins-bad0.10 | mantic | Does not exist |
gst-plugins-bad0.10 | noble | Does not exist |
gst-plugins-bad0.10 | trusty | Not vulnerable (code not present) |
gst-plugins-bad0.10 | upstream | Needed |
gst-plugins-bad0.10 | xenial | Ignored (end of standard support) |
gst-plugins-bad1.0 (Launchpad, Ubuntu, Debian) | bionic | Needed |
gst-plugins-bad1.0 | focal | Released (1.16.3-0ubuntu1.1) |
gst-plugins-bad1.0 | jammy | Released (1.20.3-0ubuntu1.1) |
gst-plugins-bad1.0 | lunar | Released (1.22.1-1ubuntu1.1) |
gst-plugins-bad1.0 | mantic | Released (1.22.4-1ubuntu1.1) |
gst-plugins-bad1.0 | noble | Pending (1.22.4-1ubuntu2) |
gst-plugins-bad1.0 | trusty | Not vulnerable (code not present) |
gst-plugins-bad1.0 | upstream | Released (1.22.6) |
gst-plugins-bad1.0 | xenial | Needed |

Patches
- upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ff91a3d8d6f7e2412c44663bf30fad5c7fdbc9d9
- upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/fddda166222a067d0e511950a0a8cfb9f5a521b7

References
- https://gstreamer.freedesktop.org/security/sa-2023-0008.html
- https://www.zerodayinitiative.com/advisories/ZDI-23-1458/
- https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5364
- https://ubuntu.com/security/notices/USN-6526-1
- https://www.cve.org/CVERecord?id=CVE-2023-40476
- NVD
- Launchpad
- Debian