CVE-2023-40476
Published: 28 September 2023
[Integer overflow in H.265 video parser leading to stack overwrite]
Priority
Status
| Package | Release | Status |
|---|---|---|
|
gst-plugins-bad0.10 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support)
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
| noble |
Does not exist
|
|
| trusty |
Not vulnerable
(code not present)
|
|
| upstream |
Needed
|
|
| xenial |
Ignored
(end of standard support)
|
|
|
gst-plugins-bad1.0 Launchpad, Ubuntu, Debian |
bionic |
Needed
|
| focal |
Released
(1.16.3-0ubuntu1.1)
|
|
| jammy |
Released
(1.20.3-0ubuntu1.1)
|
|
| lunar |
Released
(1.22.1-1ubuntu1.1)
|
|
| mantic |
Released
(1.22.4-1ubuntu1.1)
|
|
| noble |
Pending
(1.22.4-1ubuntu2)
|
|
| trusty |
Not vulnerable
(code not present)
|
|
| upstream |
Released
(1.22.6)
|
|
| xenial |
Needed
|
|
|
Patches: upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ff91a3d8d6f7e2412c44663bf30fad5c7fdbc9d9 upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/fddda166222a067d0e511950a0a8cfb9f5a521b7 |
||
References
- https://gstreamer.freedesktop.org/security/sa-2023-0008.html
- https://www.zerodayinitiative.com/advisories/ZDI-23-1458/
- https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5364
- https://ubuntu.com/security/notices/USN-6526-1
- https://www.cve.org/CVERecord?id=CVE-2023-40476
- NVD
- Launchpad
- Debian