Versions in Ubuntu 20.04, 22.04 and 23.04 are vulnerable to CVE-2023-37329
Bug #2035585 reported by Luís Infante da Câmara
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
gst-plugins-bad1.0 (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
The versions in Ubuntu 20.04, 22.04 and 23.04 are vulnerable to CVE-2023-37329.
CVE References
information type: Private Security → Public Security
Changed in gst-plugins-bad1.0 (Ubuntu):
status: New → Confirmed
This bug was fixed in the package gst-plugins-bad1.0 - 1.16.3-0ubuntu1.1
---------------
gst-plugins-bad1.0 (1.16.3-0ubuntu1.1) focal-security; urgency=medium

  [ Luís Infante da Câmara ]
  * SECURITY UPDATE: Heap buffer overflow in dvdspu (LP: #2035585)
    - debian/patches/CVE-2023-37329-1.patch: Make sure enough data is
      allocated for the available data.
    - debian/patches/CVE-2023-37329-2.patch: Avoid integer overflow when
      checking if enough data is available.
    - CVE-2023-37329

  [ Marc Deslauriers ]
  * SECURITY UPDATE: integer overflow in MXF file handling
    - debian/patches/CVE-2023-40474.patch: fix integer overflow causing out
      of bounds writes when handling invalid uncompressed video in
      gst/mxf/mxfup.c.
    - CVE-2023-40474
  * SECURITY UPDATE: integer overflow in MXF file handling
    - debian/patches/CVE-2023-40475.patch: check number of channels for
      AES3 audio in gst/mxf/mxfd10.c.
    - CVE-2023-40475
  * SECURITY UPDATE: integer overflow in H.265 video parser
    - debian/patches/CVE-2023-40476.patch: fix possible overflow using
      max_sub_layers_minus1 in gst-libs/gst/codecparsers/gsth265parser.c.
    - CVE-2023-40476
  * SECURITY UPDATE: MXF demuxer use-after-free
    - debian/patches/CVE-2023-44446.patch: store GstMXFDemuxEssenceTrack in
      their own fixed allocation in gst/mxf/mxfdemux.*.
    - CVE-2023-44446

-- Marc Deslauriers <email address hidden> Tue, 28 Nov 2023 13:33:46 -0500