Описание
A flaw was found in GStreamer. A remote attacker could exploit this out-of-bounds write vulnerability by providing specially crafted H.266 video data. This issue, specifically within the processing of Adaptation Parameter Set (APS) units, stems from insufficient validation of user-supplied data, leading to a write beyond the allocated buffer. Successful exploitation allows the attacker to execute arbitrary code on the system where GStreamer is running.
Отчет
This vulnerability is rated as IMPORTANT. It affects the GStreamer H.266 Codec Parser, which is included in Red Hat Enterprise Linux versions 6, 7, 8, 9, and 10. Exploitation requires processing specially crafted H.266 media content, which could lead to remote code execution in the context of the current process.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | gstreamer1 | Affected | ||
| Red Hat Enterprise Linux 6 | gstreamer | Out of support scope | ||
| Red Hat Enterprise Linux 7 | gstreamer | Affected | ||
| Red Hat Enterprise Linux 7 | gstreamer1 | Affected | ||
| Red Hat Enterprise Linux 8 | gstreamer1 | Affected | ||
| Red Hat Enterprise Linux 8 | mingw-gstreamer1 | Affected | ||
| Red Hat Enterprise Linux 9 | gstreamer1 | Affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of APS units. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28911.
GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of APS units. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28911.
GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution ...
GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of APS units. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28911.
EPSS
7.8 High
CVSS3