Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rosalinuxROSA LABROSA-SA-2024-2357
HistoryFeb 20, 2024 - 10:26 a.m.

Advisory ROSA-SA-2024-2357

2024-02-2010:26:09
ROSA LAB
abf.rosalinux.ru
15
libvpx 1.10.0
rosa-chrome
heap buffer overflow
gstreamer plugins
integer overflow
code execution
stack buffer overflow
h.265
vp8 format encoding
google chrome

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.306

Percentile

97.0%

JSON

software: libvpx 1.10.0
OS: ROSA-CHROME

package_evr_string: libvpx-1.10.0-4.src.rpm

CVE-ID: CVE-2023-40474
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: The MXF file demultiplexer in GStreamer plugins has encountered a heap buffer overflow bug when processing distorted uncompressed video files. This issue requires user interaction with the library and could allow an attacker to cause an integer overflow before allocating the buffer, cause a crash or code execution through heap manipulation, code execution in the context of the current process.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update libvpx

CVE-ID: CVE-2023-40475
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: Heap buffer overflow error was detected in MXF file, demultiplexer, GStreamer plugins. Error while processing distorted files with AES3 audio. This issue requires user interaction with the library. This could allow an attacker to cause an integer overflow before buffer allocation, cause a crash or code execution through heap manipulation, and code execution in the context of the current process.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update libvpx

CVE-ID: CVE-2023-40476
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A stack buffer overflow was detected in the GStreamer Bad plugin when processing invalid H.265 video stream files. This issue requires user interaction with the library and could allow an attacker to cause an integer overflow before allocating the buffer, cause a crash or code execution via heap manipulation, code execution in the context of the current process.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update libvpx

CVE-ID: CVE-2023-5217
BDU-ID: 2023-06157
CVE-Crit: CRITICAL.
CVE-DESC.: A vulnerability in the VP8 format encoding function of the libvpx library of the Google Chrome browser is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code when a user opens a specially crafted web page
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update libvpx

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchlibvpx< 1.10.0UNKNOWN

Related

almalinux 2
nessus 61
osv 17
openvas 39
debian 5
amazon 1
redhat 2
redos 2
oraclelinux 2
rocky 2
gentoo 1
photon 3
ubuntu 1
ubuntucve 4
debiancve 4
alpinelinux 4
vulnrichment 3
cve 4
zdi 3
veracode 4
cvelist 4
redhatcve 4
nvd 4
slackware 3
mageia 1
kaspersky 4
malwarebytes 1
mozilla 1
f5 1
mscve 1
freebsd 1
githubexploit 3
cisa_kev 1
fedora 2
attackerkb 1
github 2
prion 1
almalinux
almalinux
Moderate: gstreamer1-plugins-bad-free security update
2024-05-22 00:00:00
Moderate: gstreamer1-plugins-bad-free security update
2024-04-30 00:00:00
nessus
nessus
Debian DLA-3633-1 : gst-plugins-bad1.0 - LTS security update
2023-10-29 00:00:00
Debian DSA-5533-1 : gst-plugins-bad1.0 - security update
2023-10-25 00:00:00
Rocky Linux 8 : gstreamer1-plugins-bad-free (RLSA-2024:3060)
2024-06-14 00:00:00
osv
osv
gst-plugins-bad1.0 - security update
2023-10-24 00:00:00
gst-plugins-bad1.0 - security update
2023-10-28 00:00:00
Moderate: gstreamer1-plugins-bad-free security update
2024-06-14 13:59:30
openvas
openvas
Debian: Security Advisory (DLA-3633-1)
2023-10-30 00:00:00
Debian: Security Advisory (DSA-5533-1)
2023-10-25 00:00:00
openSUSE: Security Advisory for gstreamer (SUSE-SU-2023:4594-1)
2024-03-04 00:00:00
debian
debian
[SECURITY] [DSA 5533-1] gst-plugins-bad1.0 security update
2023-10-24 20:58:56
[SECURITY] [DLA 3633-1] gst-plugins-bad1.0 security update
2023-10-28 12:08:28
[SECURITY] [DSA 5510-1] libvpx security update
2023-09-29 21:10:17
amazon
amazon
Important: gstreamer1-plugins-bad-free
2023-10-12 15:09:00
redhat
redhat
(RHSA-2024:3060) Moderate: gstreamer1-plugins-bad-free security update
2024-05-22 06:35:29
(RHSA-2024:2287) Moderate: gstreamer1-plugins-bad-free security update
2024-04-30 06:15:16
redos
redos
ROS-20240806-09
2024-08-06 00:00:00
ROS-20231016-04
2023-10-16 00:00:00
oraclelinux
oraclelinux
gstreamer1-plugins-bad-free security update
2024-05-23 00:00:00
gstreamer1-plugins-bad-free security update
2024-05-02 00:00:00
rocky
rocky
gstreamer1-plugins-bad-free security update
2024-06-14 13:59:30
gstreamer1-plugins-bad-free security update
2024-05-10 14:32:38
gentoo
gentoo
GStreamer, GStreamer Plugins: Multiple Vulnerabilities
2024-06-28 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0145
2023-11-17 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0167
2023-12-12 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0513
2023-11-16 00:00:00
ubuntu
ubuntu
GStreamer Bad Plugins vulnerabilities
2023-11-29 00:00:00
ubuntucve
ubuntucve
CVE-2023-40475
2023-09-28 00:00:00
CVE-2023-40474
2023-09-28 00:00:00
CVE-2023-40476
2023-09-28 00:00:00
debiancve
debiancve
CVE-2023-40475
2024-05-03 03:15:20
CVE-2023-40474
2024-05-03 03:15:19
CVE-2023-40476
2024-05-03 03:15:20
alpinelinux
alpinelinux
CVE-2023-40475
2024-05-03 03:15:20
CVE-2023-40474
2024-05-03 03:15:19
CVE-2023-40476
2024-05-03 03:15:20
vulnrichment
vulnrichment
CVE-2023-40475 GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability
2024-05-03 02:11:11
CVE-2023-40476 GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
2024-05-03 02:11:12
CVE-2023-40474 GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability
2024-05-03 02:11:10
cve
cve
CVE-2023-40474
2024-05-03 03:15:19
CVE-2023-40475
2024-05-03 03:15:20
CVE-2023-40476
2024-05-03 03:15:20
zdi
zdi
GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability
2023-09-27 00:00:00
GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability
2023-09-27 00:00:00
GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
2023-09-27 00:00:00
veracode
veracode
Integer Overflow
2023-11-30 16:32:06
Heap Buffer Overflow
2023-11-30 16:32:09
Integer Overflow
2023-11-30 16:32:02
cvelist
cvelist
CVE-2023-40475 GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability
2024-05-03 02:11:11
CVE-2023-40474 GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability
2024-05-03 02:11:10
CVE-2023-40476 GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
2024-05-03 02:11:12
redhatcve
redhatcve
CVE-2023-40474
2023-12-14 18:02:57
CVE-2023-40476
2023-12-14 18:03:03
CVE-2023-40475
2023-12-14 18:02:49
nvd
nvd
CVE-2023-40474
2024-05-03 03:15:19
CVE-2023-40475
2024-05-03 03:15:20
CVE-2023-40476
2024-05-03 03:15:20
slackware
slackware
[slackware-security] mozilla-thunderbird
2023-09-30 21:42:55
[slackware-security] mozilla-firefox
2023-09-28 21:46:24
[slackware-security] libvpx
2023-09-30 21:42:24
mageia
mageia
Updated libvpx packages fix security vulnerability
2023-10-02 13:18:07
kaspersky
kaspersky
KLA60820 DoS vulnerability in Mozilla Firefox
2023-09-28 00:00:00
KLA61042 DoS vulnerability in Mozilla Thunderbird
2023-09-28 00:00:00
KLA61592 DoS vulnerability in Microsoft Office
2023-09-29 00:00:00
malwarebytes
malwarebytes
Update Chrome now! Google patches another actively exploited vulnerability
2023-09-29 11:15:00
mozilla
mozilla
Security Vulnerability fixed in Firefox 118.0.1, Firefox ESR 115.3.1, Firefox for Android 118.1.0, Firefox Focus for Android 118.1.0, and Thunderbird 115.3.1. — Mozilla
2023-09-28 00:00:00
f5
f5
K000137105 : libvpx vulnerability CVE-2023-5217
2023-10-03 00:00:00
mscve
mscve
Chromium: CVE-2023-5217 Heap buffer overflow in vp8 encoding in libvpx
2023-09-29 16:24:54
freebsd
freebsd
electron{22,24,25} -- Heap buffer overflow in vp8 encoding in libvpx
2023-09-28 00:00:00
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Webmproject Libvpx
2023-10-06 11:01:08
Exploit for Out-of-bounds Write in Webmproject Libvpx
2023-10-06 05:46:16
Exploit for Out-of-bounds Write in Webmproject Libvpx
2023-10-06 10:43:38
cisa_kev
cisa_kev
Google Chromium libvpx Heap Buffer Overflow Vulnerability
2023-10-02 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: libvpx-1.13.0-5.fc39
2023-10-02 00:16:31
[SECURITY] Fedora 38 Update: libvpx-1.13.0-5.fc38
2023-10-01 04:55:42
attackerkb
attackerkb
CVE-2023-5217
2023-09-28 00:00:00
github
github
CefSharp affected by libvpx's heap buffer overflow in vp8 encoding
2023-10-05 13:22:50
Electron affected by libvpx's heap buffer overflow in vp8 encoding
2023-09-28 18:30:45
prion
prion
Heap overflow
2023-09-28 16:15:00

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.306

Percentile

97.0%

JSON
Related for ROSA-SA-2024-2357
almalinux2nessus61osv17openvas39debian5amazon1redhat2redos2oraclelinux2rocky2gentoo1photon3ubuntu1ubuntucve4debiancve4alpinelinux4vulnrichment3cve4zdi3veracode4cvelist4redhatcve4nvd4slackware3mageia1kaspersky4malwarebytes1mozilla1f51mscve1freebsd1githubexploit3cisa_kev1fedora2attackerkb1github2prion1