Versions in Ubuntu 20.04, 22.04 and 23.04 are vulnerable to CVE-2023-37329
Bug #2035585 reported by
Luís Infante da Câmara
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| gst-plugins-bad1.0 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
The versions in Ubuntu 20.04, 22.04 and 23.04 are vulnerable to CVE-2023-37329.
CVE References
| information type: | Private Security → Public Security |
| Changed in gst-plugins-bad1.0 (Ubuntu): | |
| status: | New → Confirmed |
Revision history for this message
| Luís Infante da Câmara (luis220413) wrote | #1 |
| tags: | added: community-security focal jammy lunar patch |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #2 |
| Changed in gst-plugins-bad1.0 (Ubuntu): | |
| status: | Confirmed → Fix Released |
To post a comment you must log in.
This bug was fixed in the package gst-plugins-bad1.0 - 1.16.3-0ubuntu1.1
---------------
gst-plugins-bad1.0 (1.16.3-0ubuntu1.1) focal-security; urgency=medium
[ Luís Infante da Câmara ]
* SECURITY UPDATE: Heap buffer overflow in dvdspu (LP: #2035585)
- debian/
allocated for the available data.
- debian/
checking if enough data is available.
- CVE-2023-37329
[ Marc Deslauriers ]
* SECURITY UPDATE: integer overflow in MXF file handling
- debian/
of bounds writes when handling invalid uncompressed video in
gst/
- CVE-2023-40474
* SECURITY UPDATE: integer overflow in MXF file handling
- debian/
AES3 audio in gst/mxf/mxfd10.c.
- CVE-2023-40475
* SECURITY UPDATE: integer overflow in H.265 video parser
- debian/
max_
- CVE-2023-40476
* SECURITY UPDATE: MXF demuxer use-after-free
- debian/
their own fixed allocation in gst/mxf/mxfdemux.*.
- CVE-2023-44446
-- Marc Deslauriers <email address hidden> Tue, 28 Nov 2023 13:33:46 -0500