GStreamer SRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of SRT subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20968.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4971-1 advisory.

  - heap overwrite in PGS subtitle overlay decoder [fedora-all] (CVE-2023-37329)

  - Integer overflow leading to heap overwrite in MXF file handling with uncompressed video (CVE-2023-40475)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-0984b63b23 advisory.

  - Integer overflow leading to heap overwrite in FLAC image tag handling (CVE-2023-37327) (CVE-2023-37327)

  - Heap overwrite in subtitle parsing (CVE-2023-37328) (CVE-2023-37328)

  - heap overwrite in PGS subtitle overlay decoder [fedora-all] (CVE-2023-37329)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6526-1 advisory.

    It was discovered that GStreamer Bad Plugins incorrectly handled certain media files. A remote attacker     could use this issue to cause GStreamer Bad Plugins to crash, resulting in a denial of service, or     possibly execute arbitrary code.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2023:0379-1 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3802-1 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3267-1 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3235-1 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3249-1 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3220-1 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3503 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
187304	SUSE SLES15 Security Update : gstreamer-plugins-bad (SUSE-SU-2023:4971-1)	Nessus	SuSE Local Security Checks	high
187291	Fedora 38 : mingw-gstreamer1 / mingw-gstreamer1-plugins-bad-free / etc (2023-0984b63b23)	Nessus	Fedora Local Security Checks	high
186441	Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : GStreamer Bad Plugins vulnerabilities (USN-6526-1)	Nessus	Ubuntu Local Security Checks	high
186350	openSUSE 15 Security Update : gstreamer-plugins-bad (openSUSE-SU-2023:0379-1)	Nessus	SuSE Local Security Checks	high
182091	SUSE SLES15 Security Update : gstreamer-plugins-bad (SUSE-SU-2023:3802-1)	Nessus	SuSE Local Security Checks	high
179681	SUSE SLES15 Security Update : gstreamer-plugins-bad (SUSE-SU-2023:3267-1)	Nessus	SuSE Local Security Checks	high
179594	SUSE SLES15 Security Update : gstreamer-plugins-bad (SUSE-SU-2023:3235-1)	Nessus	SuSE Local Security Checks	high
179587	SUSE SLED15 / SLES15 Security Update : gstreamer-plugins-bad (SUSE-SU-2023:3249-1)	Nessus	SuSE Local Security Checks	high
179431	SUSE SLED15 / SLES15 Security Update : gstreamer-plugins-bad (SUSE-SU-2023:3220-1)	Nessus	SuSE Local Security Checks	high
178841	Debian DLA-3503-1 : gst-plugins-bad1.0 - LTS security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2023-37329

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high