exploitDog
CVE-2026-2920

Published: 13 Mar 2026
Source: redhat
CVSS3: 7.8

Description

A flaw was found in GStreamer. This heap-based buffer overflow vulnerability in the ASF Demuxer component allows a remote attacker to execute arbitrary code. The issue arises from insufficient validation of user-supplied data length when processing stream headers within ASF (Advanced Systems Format) files, leading to data being copied to a fixed-length heap-based buffer without proper bounds checking. Successful exploitation can result in arbitrary code execution in the context of the current process.
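The description above is the classic CWE-120 shape: a length field read from the file is trusted and used to copy into a heap buffer whose size was fixed at allocation time. The C program below is an added illustration of that pattern and of the check that closes it; it is not GStreamer's ASF demuxer code, and the header layout, names and sizes in it are assumptions for the example. The canary placed right after the fixed-size region stands in for whatever the allocator put next, and the allocation carries extra slack so the demonstration overflow stays inside the allocated object rather than corrupting real heap metadata.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed example of the CWE-120 pattern in the advisory. Layout, names and
 * sizes are assumptions; this is not GStreamer code or the real ASF format. */

#define FIXED_CAP   64          /* capacity of the fixed-length heap buffer */
#define SLACK       32          /* extra bytes so the demo overflow stays inside the allocation */
#define CANARY      0xDEADBEEFu /* stands in for whatever the allocator placed after the buffer */
#define HDR_FIXED   4           /* assumed header: 4-byte LE length, then that many payload bytes */

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Vulnerable pattern ("before"): the declared length is only checked against
 * the *source* buffer, so the read is in bounds but the write into a
 * FIXED_CAP-byte destination is not. Returns 0 on success, -1 if truncated. */
static int parse_stream_header_unsafe(const uint8_t *hdr, size_t hdr_len, uint8_t *dst) {
    if (hdr_len < HDR_FIXED) return -1;
    uint32_t n = rd_le32(hdr);
    if (n > hdr_len - HDR_FIXED) return -1;     /* source bounds only */
    memcpy(dst, hdr + HDR_FIXED, n);            /* destination capacity never consulted */
    return 0;
}

/* Hardened form: the declared length is also compared with the destination
 * capacity before the copy. Returns 0 on success, -1 truncated, -2 oversized. */
static int parse_stream_header_safe(const uint8_t *hdr, size_t hdr_len,
                                    uint8_t *dst, size_t dst_cap, size_t *out_len) {
    if (hdr_len < HDR_FIXED) return -1;
    uint32_t n = rd_le32(hdr);
    if (n > hdr_len - HDR_FIXED) return -1;     /* truncated file */
    if (n > dst_cap) return -2;                 /* the missing bounds check */
    memcpy(dst, hdr + HDR_FIXED, n);
    *out_len = n;
    return 0;
}

/* Builds a constructed header declaring and supplying `payload_len` bytes.
 * Returns the header size, or 0 if `cap` cannot hold it. */
static size_t make_header(uint8_t *buf, size_t cap, uint32_t payload_len, uint8_t fill) {
    if (cap < HDR_FIXED + (size_t)payload_len) return 0;
    wr_le32(buf, payload_len);
    memset(buf + HDR_FIXED, fill, payload_len);
    return HDR_FIXED + payload_len;
}

/* Feeds one constructed header to the chosen parser and reports on the canary
 * placed right after the FIXED_CAP region.
 * Returns 1 = canary intact, 0 = canary clobbered, -1 = header rejected. */
static int run_with_canary(uint32_t payload_len, int hardened) {
    uint8_t hdr[HDR_FIXED + FIXED_CAP + SLACK];
    size_t hdr_len = make_header(hdr, sizeof hdr, payload_len, 0x41);
    if (hdr_len == 0) return -1;

    uint8_t *obj = malloc(FIXED_CAP + sizeof(uint32_t) + SLACK);
    if (!obj) return -1;
    wr_le32(obj + FIXED_CAP, CANARY);           /* canary immediately after the buffer */

    int rc;
    size_t copied = 0;
    if (hardened)
        rc = parse_stream_header_safe(hdr, hdr_len, obj, FIXED_CAP, &copied);
    else
        rc = parse_stream_header_unsafe(hdr, hdr_len, obj);

    int result = (rc != 0) ? -1 : (rd_le32(obj + FIXED_CAP) == CANARY);
    free(obj);
    return result;
}

int main(void) {
    printf("benign 48-byte header, unsafe parser:    canary %s\n",
           run_with_canary(48, 0) == 1 ? "intact" : "clobbered");
    printf("hostile 72-byte header, unsafe parser:   canary %s\n",
           run_with_canary(72, 0) == 1 ? "intact" : "clobbered");
    printf("hostile 72-byte header, hardened parser: %s\n",
           run_with_canary(72, 1) == -1 ? "rejected" : "accepted");
    return 0;
}
```

The point to take from the two parsers is that checking the declared length against the source buffer, which most demuxers do, does not protect the destination; the length must also be compared with the capacity of the buffer being written.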

Statement

This is an Important-severity heap-based buffer overflow vulnerability in the GStreamer ASF Demuxer. The flaw allows remote code execution when processing specially crafted ASF files, due to improper validation of stream header lengths. Red Hat products that use GStreamer for multimedia processing are affected if they handle untrusted ASF content.

Mitigation

Avoid processing untrusted ASF (Advanced Systems Format) media files. This vulnerability in the GStreamer ASF Demuxer requires user interaction, such as opening a malicious ASF file, to trigger the heap-based buffer overflow. Limiting exposure to untrusted media content can reduce the attack surface.

Affected packages

Platform                       Package            State      Errata   Release
Red Hat Enterprise Linux 10    gstreamer1         Affected   -        -
Red Hat Enterprise Linux 6     gstreamer          Affected   -        -
Red Hat Enterprise Linux 7     gstreamer          Affected   -        -
Red Hat Enterprise Linux 7     gstreamer1         Affected   -        -
Red Hat Enterprise Linux 8     gstreamer1         Affected   -        -
Red Hat Enterprise Linux 8     mingw-gstreamer1   Affected   -        -
Red Hat Enterprise Linux 9     gstreamer1         Affected   -        -

(No errata or fixed release is listed for any row.)

Additional information

Severity: Important
Weakness: CWE-120
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2447490 (GStreamer: Arbitrary code execution via ASF file processing)
CVSS3: 7.8 (High)

Related entries (all CVSS3 7.8, published 11 days ago)

ubuntu, nvd, github:
GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of stream headers within ASF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28843.

debian:
GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution ...