Bug 1213750 (CVE-2023-38104) - VUL-0: CVE-2023-38104: gstreamer-plugins-ugly: integer overflow during parsing of MDPR chunks may lead to code execution
Summary: VUL-0: CVE-2023-38104: gstreamer-plugins-ugly: integer overflow during parsin...
Status: RESOLVED FIXED
Alias: CVE-2023-38104
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/373633/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-38104:8.8:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-07-28 07:46 UTC by Carlos López
Modified: 2024-02-22 14:51 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Carlos López 2023-07-28 07:46:27 UTC 
CVE-2023-38104

This vulnerability allows remote attackers to execute arbitrary code on affected
installations of GStreamer. Interaction with this library is required to exploit
this vulnerability but attack vectors may vary depending on the implementation.

The specific flaw exists within the parsing of MDPR chunks. The issue results
from the lack of proper validation of user-supplied data, which can result in an
integer overflow before allocating a buffer. An attacker can leverage this
vulnerability to execute code in the context of the current process.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38104
https://www.zerodayinitiative.com/advisories/ZDI-23-1008/
Comment 2 Carlos López 2023-07-28 08:07:04 UTC 
Affected:
- SUSE:SLE-15-SP2:Update/gstreamer-plugins-ugly
- SUSE:SLE-15-SP4:Update/gstreamer-plugins-ugly
- SUSE:SLE-15-SP5:Update/gstreamer-plugins-ugly

Already fixed in Factory.
Comment 3 Carlos López 2023-07-28 08:13:43 UTC 
(In reply to Carlos López from comment #1)
> 
> Fix:
> https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/
> 67e38cf47b7683586c24de18d8253029042dc72f

Part of this PR:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5072
Comment 8 Maintenance Automation 2023-08-07 20:31:55 UTC 
SUSE-SU-2023:3222-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1213750, 1213751
CVE References: CVE-2023-38103, CVE-2023-38104
Sources used:
openSUSE Leap 15.4 (src): gstreamer-plugins-ugly-1.16.3-150200.3.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Maintenance Automation 2023-08-08 08:30:04 UTC 
SUSE-SU-2023:3226-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1213750, 1213751
CVE References: CVE-2023-38103, CVE-2023-38104
Sources used:
openSUSE Leap 15.4 (src): gstreamer-plugins-ugly-1.20.1-150400.3.3.1
SUSE Linux Enterprise Workstation Extension 15 SP4 (src): gstreamer-plugins-ugly-1.20.1-150400.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Maintenance Automation 2023-08-08 20:30:10 UTC 
SUSE-SU-2023:3247-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1213750, 1213751
CVE References: CVE-2023-38103, CVE-2023-38104
Sources used:
openSUSE Leap 15.5 (src): gstreamer-plugins-ugly-1.22.0-150500.3.3.1
SUSE Linux Enterprise Workstation Extension 15 SP5 (src): gstreamer-plugins-ugly-1.22.0-150500.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Carlos López 2024-02-22 14:51:01 UTC 
Done, closing.