Gstreamer
CVE-2023-37328
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of PGS subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-20994.
AnalysisAI
A heap-based buffer overflow vulnerability in GStreamer's PGS (Presentation Graphic Stream) subtitle file parser allows remote attackers to execute arbitrary code when processing malicious subtitle files. The vulnerability affects all GStreamer installations and requires user interaction to exploit, typically by opening a media file with crafted PGS subtitles. With an EPSS score of 7.71% (92nd percentile), this vulnerability represents a significant exploitation risk in the wild.
Technical ContextAI
GStreamer is a widely-used open-source multimedia framework that handles audio and video processing across numerous applications and platforms. The vulnerability resides in the PGS subtitle parsing component, where insufficient validation of user-supplied data length leads to a heap buffer overflow (CWE-122). According to the CPE data (cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*), all versions of GStreamer are affected. PGS subtitles are commonly used in Blu-ray discs and digital media files, making this a broad attack surface for multimedia applications using GStreamer.
RemediationAI
Update GStreamer to the latest patched version as specified in security advisory SA-2023-0003 at https://gstreamer.freedesktop.org/security/sa-2023-0003.html. For Fedora users, apply the security updates referenced at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGQEFZ6ZB3C2XU4JQD3IAFMQIN456W2D/. As an immediate mitigation, disable PGS subtitle processing or restrict media file sources to trusted origins only. Organizations should inventory all applications using GStreamer libraries and prioritize patching based on exposure to untrusted media files.
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer
The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write an
A heap-based buffer overflow vulnerability exists in GStreamer's RTSP connection parser that allows remote attackers to
An integer overflow vulnerability in the GStreamer multimedia framework's matroska demuxer allows heap memory corruption
A critical integer overflow vulnerability in GStreamer's qtdemux element allows attackers to trigger denial of service o
A critical integer overflow vulnerability in the GStreamer multimedia framework's Matroska (MKV) demuxer can cause denia
An integer overflow vulnerability in GStreamer's Matroska demuxer can cause denial of service or potentially heap memory
An integer overflow vulnerability in GStreamer's AVI demux element allows attackers to trigger a heap overwrite when par
A heap overflow vulnerability exists in GStreamer's matroskaparse element due to an integer overflow in the gst_matroska
An integer overflow vulnerability in GStreamer's matroska demuxer can cause denial of service through segmentation fault
Same weakness CWE-122 – Heap-based Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today