GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2023-44446

8.8HIGH

Key Information:

Vendor: Gstreamer
Status: Gstreamer
Vendor: CVE Published:; 3 May 2024

What is CVE-2023-44446?

A vulnerability exists in GStreamer related to the parsing of MXF video files, which may allow remote attackers to execute arbitrary code within the context of the application. The flaw arises due to insufficient validation of object existence before operations are performed. Successful exploitation requires an attacker to interact with the affected GStreamer library, potentially leading to severe security breaches depending on the specific implementation utilized. Further information and patch details are available in vendor advisories and security resources.

Affected Version(s)

GStreamer 64a58c37acc564285a125f99570787fb678446c9

References

https://www.zerodayinitiative.com/advisories/ZDI-23-1647/

x_research-advisory

https://gstreamer.freedesktop.org/security/sa-2023-0010.html

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 3, 2024
Vulnerability Reserved
Sep 28, 2023

JSON

Gstreamer

What is CVE-2023-44446?

Affected Version(s)

References

CVSS V3.1

Timeline