CVE-2023-37329

Severity: HIGH (CVSS 3.1 base score 8.8)
Published: 2024-05-03, CNA: [email protected]

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

CVE Published: May 03, 2024 - 02:15 (nvd)
Analysis Generated: Mar 17, 2026 - 20:45 (vuln.today)

Description

GStreamer SRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of SRT subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20968.

Analysis

A heap-based buffer overflow in GStreamer's SRT subtitle parser allows a remote attacker to execute arbitrary code in the context of whatever process parses a crafted .srt file. Exploitation needs user interaction (opening a video that carries a malicious subtitle track, or pointing a player at a media file whose sidecar subtitle file is attacker-supplied), which is why the vector carries UI:R; the impact is nonetheless full control of the media process, so any player, browser engine or server-side transcoder that hands untrusted subtitles to GStreamer is exposed. The CPE entry uses a version wildcard, which should be read as "releases before the fix", not as every GStreamer version ever shipped; the vendor advisory identifies the affected range and the fixed release. The EPSS score of 4.74% (89th percentile) at the time of this analysis puts the estimated probability of in-the-wild exploitation above that of most published CVEs.

Technical Context

GStreamer is a widely used open-source multimedia framework that handles audio and video processing on Linux, Windows, macOS, Android and embedded platforms. SRT (SubRip) subtitle files are handled by the subparse element in gst-plugins-base, which playbin and decodebin select automatically for text subtitle streams, so the vulnerable code is reachable from any pipeline that accepts an external .srt file or a text subtitle track from a container. The CPE entry (cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*) uses a version wildcard; that reflects how NVD recorded the product, not a finding that every release is affected, and the GStreamer advisory is the authority on the affected range. The root cause is a classic heap-based buffer overflow (CWE-122): while parsing SRT text, the parser copies user-supplied data into a heap-allocated buffer without first checking that the data fits, so bytes past the end of the allocation land in whatever neighbours that chunk (other objects, allocator metadata). Whether that produces a crash or control of execution depends on heap layout, over which an attacker who controls the entire subtitle file has considerable influence; because the parser runs in-process, success yields the privileges of the player or service that loaded the file.
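The bug class described above (a copy of user-supplied subtitle text into a heap buffer without a length check) is easy to see in a few dozen lines. The following is an added example written for this page, not GStreamer's subparse code and not the actual vulnerable routine: a toy SRT cue parser in which append_line_unchecked reproduces the pattern the description names and append_line_checked bounds the copy. The function names, the buffer sizes CUE_TEXT_CAP and CUE_TEXT_MAX, and the embedded two-cue SRT sample are all constructed for the illustration.

```c
/* Added illustration, not GStreamer's code: a toy SRT cue parser showing the bug
 * class in the description (an unchecked copy of attacker-controlled subtitle text
 * into a fixed-capacity heap buffer) beside a bounded version. The names, sizes
 * and embedded SRT sample are all constructed for this example. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define CUE_TEXT_CAP 256   /* assumed initial heap capacity for one cue's text */
#define CUE_TEXT_MAX 4096  /* hard ceiling enforced by the hardened variant */

struct cue { char *text; size_t len; size_t cap; };   /* text lives on the heap */
typedef int (*append_fn)(struct cue *, const char *, size_t);

/* DELIBERATELY VULNERABLE when called directly: trusts the line length and never
 * compares it with cap, so an over-long text line writes past the heap chunk. */
static int append_line_unchecked(struct cue *c, const char *line, size_t n)
{
    if (c->len) c->text[c->len++] = '\n';
    memcpy(c->text + c->len, line, n);        /* overflows when len + n + 1 > cap */
    c->len += n; c->text[c->len] = '\0';
    return 0;
}

/* Hardened: bound the total by CUE_TEXT_MAX first (so the sum cannot wrap), grow
 * the buffer only within that ceiling, and reject the cue rather than truncate. */
static int append_line_checked(struct cue *c, const char *line, size_t n)
{
    size_t sep = c->len ? 1 : 0, need, ncap;
    if (n > CUE_TEXT_MAX || c->len + sep + n > CUE_TEXT_MAX) return -1;
    need = c->len + sep + n + 1;              /* + terminating NUL */
    for (ncap = c->cap ? c->cap : CUE_TEXT_CAP; ncap < need; ncap *= 2) ;
    if (ncap != c->cap) {
        char *t = realloc(c->text, ncap);
        if (!t) return -1;
        c->text = t; c->cap = ncap;
    }
    return append_line_unchecked(c, line, n); /* same copy, now provably in bounds */
}

static int is_digits(const char *s, size_t n)  /* index line: one or more digits */
{
    size_t i;
    for (i = 0; i < n && s[i] >= '0' && s[i] <= '9'; i++) ;
    return n > 0 && i == n;
}
static int has_arrow(const char *s, size_t n)  /* timing line: contains "-->" */
{
    for (size_t i = 0; i + 3 <= n; i++) if (!memcmp(s + i, "-->", 3)) return 1;
    return 0;
}

/* Minimal SRT state machine (index, timing, text lines, blank line); each text
 * line goes through `append`. Returns the cue count, or -1 on rejection/error. */
static int parse_srt(const char *src, append_fn append, struct cue *cues, size_t max_cues)
{
    size_t ncues = 0; int in_text = 0;
    for (const char *p = src; *p; ) {
        const char *eol = strchr(p, '\n');
        size_t n = eol ? (size_t)(eol - p) : strlen(p), len = n;
        if (len && p[len - 1] == '\r') len--;             /* tolerate CRLF */
        if (len == 0) in_text = 0;                        /* blank line closes the cue */
        else if (in_text) { if (append(&cues[ncues - 1], p, len)) return -1; }
        else if (is_digits(p, len)) {
            if (ncues == max_cues || !(cues[ncues].text = malloc(CUE_TEXT_CAP))) return -1;
            cues[ncues].text[0] = '\0'; cues[ncues].len = 0; cues[ncues].cap = CUE_TEXT_CAP;
            ncues++;
        }
        else if (ncues && has_arrow(p, len)) in_text = 1; /* text follows the timing */
        p = eol ? eol + 1 : p + n;
    }
    return (int)ncues;
}

/* Constructed sample: two cues, the second carrying one text line of long_len 'A'
 * bytes. Returns the cue count (-1 if rejected); *cue2_len gets cue 2's length. */
static int run_sample(append_fn append, size_t long_len, size_t *cue2_len)
{
    const char *head = "1\n00:00:01,000 --> 00:00:02,000\nHello\nWorld\n\n"
                       "2\n00:00:03,000 --> 00:00:04,000\n";
    size_t hl = strlen(head);
    struct cue cues[4] = {{0}};
    char *doc = malloc(hl + long_len + 2);
    if (!doc) return -1;
    memcpy(doc, head, hl); memset(doc + hl, 'A', long_len);
    doc[hl + long_len] = '\n'; doc[hl + long_len + 1] = '\0';
    int n = parse_srt(doc, append, cues, 4);
    if (cue2_len) *cue2_len = n >= 2 ? cues[1].len : 0;
    for (int i = 0; i < 4; i++) free(cues[i].text);
    free(doc);
    return n;
}

static long sample_cue2_len(size_t long_len)  /* hardened path; -1 when rejected */
{
    size_t l = 0;
    return run_sample(append_line_checked, long_len, &l) < 0 ? -1L : (long)l;
}

int main(int argc, char **argv)
{   /* default: hardened path; "--unchecked" under -fsanitize=address shows the overflow */
    int unchecked = argc > 1 && !strcmp(argv[1], "--unchecked");
    size_t l2 = 0;
    int n = run_sample(unchecked ? append_line_unchecked : append_line_checked, 600, &l2);
    printf("cues parsed: %d, cue 2 text length: %zu\n", n, l2);
    return n < 0;
}
```

Build with `cc -fsanitize=address -g srt_demo.c -o srt_demo` and run `./srt_demo --unchecked`: the 600-byte text line is copied into a 256-byte chunk and AddressSanitizer reports a heap-buffer-overflow at the memcpy; the default run takes the hardened path and parses both cues. The hardened variant deliberately reuses the same memcpy, because the copy itself is not the defect; the missing piece is the size arithmetic against a hard ceiling before any allocation, which is what the CWE-122 description calls the absent validation. Rejecting an over-long cue rather than truncating it also avoids silently feeding a mangled cue downstream, and bounding the total first keeps the size_t additions from wrapping.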

Affected Products

The vulnerable parser is the subparse element of gst-plugins-base, so every GStreamer build that ships that plugin is exposed regardless of the application on top. The NVD CPE (cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*) carries a version wildcard and should not be read as "all versions"; the GStreamer advisory defines the affected range and the fixed release. GStreamer is commonly embedded in desktop media players, the WebKitGTK browser engine, server-side transcoding and streaming services, and embedded devices, on Linux, Windows, macOS and Android, and many of these ship their own copy of the library rather than using the system one, which matters for remediation. The issue was reported through Trend Micro's Zero Day Initiative as ZDI-CAN-20968 and is tracked by the GStreamer project as security advisory sa-2023-0002: https://gstreamer.freedesktop.org/security/sa-2023-0002.html.

Remediation

Update to the fixed release named in the GStreamer security advisory at https://gstreamer.freedesktop.org/security/sa-2023-0002.html; the fix lives in gst-plugins-base, so that package, not only the core library, must be updated. Fedora Linux users should apply the update announced at https://lists.fedoraproject.org/archives/list/[email protected]/message/IGQEFZ6ZB3C2XU4JQD3IAFMQIN456W2D/. Verify the installed version with gst-inspect-1.0 --version and the plugin version with gst-inspect-1.0 subparse, and remember that GStreamer is frequently bundled rather than shared (Flatpak runtimes, Windows and macOS application installers, embedded firmware images), so a patched distribution package does not cover copies shipped inside applications. Until patching is complete: stop the subparse element from being auto-plugged by setting GST_PLUGIN_FEATURE_RANK=subparse:NONE in the environment of affected applications (this disables every text subtitle format subparse handles, not only SRT, and has no effect on code that instantiates the element explicitly); disable automatic loading of sidecar subtitle files in players that offer that option; and run media-handling processes in a sandbox (Flatpak, bubblewrap, a seccomp-confined service account) with minimal privileges so that code execution inside the parser does not become a foothold on the host. Generic input validation of user-supplied media files is not a practical control here, because the overflow is in the component that would be doing the validating.

Priority Score

49 (scale: Low / Medium / High / Critical)
Contributing factors: KEV 0, EPSS +4.7, CVSS +44, POC 0
