Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issues:
Adding references for already fixed vulnerability:
- CVE-2023-50186: Fixed heap-based buffer overflow in the AV1 codec parser (ZDI-CAN-22300, bsc#1218534, bsc#1223263)
- CVE-2023-40475: Fixed GStreamer MXF File Parsing Integer Overflow (bsc#1215792).
- CVE-2023-44446: Fixed GStreamer MXF File Parsing Use-After-Free (bsc#1217213).
- CVE-2023-44429: Fixed GStreamer AV1 Codec Parsing Heap-based Buffer Overflow (bsc#1217211).
-
Submitted by
Cliff Zhao (qzhao)
Fixed bugs
bnc#1217211
VUL-0: CVE-2023-44429: gstreamer-plugins-bad: GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
bnc#1217213
VUL-0: CVE-2023-44446: gstreamer-plugins-bad: GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability
bnc#1215792
VUL-0: CVE-2023-40475: gstreamer-plugins-bad: GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability
bnc#1218534
VUL-0: gstreamer-plugins-bad: Heap-based buffer overflow in the AV1 codec parser (ZDI-CAN-22300)
bnc#1223263
VUL-0: CVE-2023-50186: gstreamer-plugins-bad: buffer overflow vulnerability
