1215793 – (CVE-2023-40476) VUL-0: CVE-2023-40476: gstreamer-plugins-bad: GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Bug 1215793 (CVE-2023-40476) - VUL-0: CVE-2023-40476: gstreamer-plugins-bad: GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Summary: VUL-0: CVE-2023-40476: gstreamer-plugins-bad: GStreamer H265 Parsing Stack-ba...

Status:	RESOLVED FIXED

Alias:	CVE-2023-40476

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/380215/
Whiteboard:	CVSSv3.1:SUSE:CVE-2023-40476:8.3:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2023-09-28 08:15 UTC by SMASH SMASH
Modified:	2024-05-28 11:47 UTC (History)
CC List:	5 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SMASH SMASH 2023-09-28 08:15:25 UTC

This vulnerability allows remote attackers to execute arbitrary code on affected
installations of GStreamer. Interaction with this library is required to exploit
this vulnerability but attack vectors may vary depending on the implementation.

The specific flaw exists within the parsing of H265 encoded video files. The
issue results from the lack of proper validation of the length of user-supplied
data prior to copying it to a fixed-length stack-based buffer. An attacker can
leverage this vulnerability to execute code in the context of the current
process.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40476
https://gstreamer.freedesktop.org/security/sa-2023-0008.html
https://www.zerodayinitiative.com/advisories/ZDI-23-1458/

Comment 1 Cathy Hu 2023-09-28 08:16:20 UTC

Tracking as affected:
- SUSE:ALP:Source:Standard:1.0/gstreamer-plugins-bad  1.22.5 
- SUSE:SLE-12-SP2:Update/gstreamer-plugins-bad        1.8.3  
- SUSE:SLE-12:Update/gstreamer-plugins-bad            1.2.4  
- SUSE:SLE-15-SP2:Update/gstreamer-plugins-bad        1.16.3 
- SUSE:SLE-15-SP3:Update/gstreamer-plugins-bad        1.16.3 
- SUSE:SLE-15-SP4:Update/gstreamer-plugins-bad        1.20.1 
- SUSE:SLE-15-SP5:Update/gstreamer-plugins-bad        1.22.0 
- SUSE:SLE-15:Update/gstreamer-plugins-bad            1.12.5 
- openSUSE:Factory/gstreamer-plugins-bad              1.22.5

Comment 4 Maintenance Automation 2023-10-30 20:30:11 UTC

SUSE-SU-2023:4271-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1215793
CVE References: CVE-2023-40474
Sources used:
Desktop Applications Module 15-SP5 (src): gstreamer-plugins-bad-1.22.0-150500.3.6.1
SUSE Package Hub 15 15-SP5 (src): gstreamer-plugins-bad-1.22.0-150500.3.6.1
openSUSE Leap 15.5 (src): gstreamer-plugins-bad-1.22.0-150500.3.6.1
Basesystem Module 15-SP5 (src): gstreamer-plugins-bad-1.22.0-150500.3.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 10 Maintenance Automation 2023-11-02 20:30:08 UTC

SUSE-SU-2023:4350-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1215793
CVE References: CVE-2023-40474
Sources used:
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): gstreamer-plugins-bad-1.16.3-150200.4.10.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): gstreamer-plugins-bad-1.16.3-150200.4.10.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): gstreamer-plugins-bad-1.16.3-150200.4.10.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 11 Maintenance Automation 2023-11-03 12:30:05 UTC

SUSE-SU-2023:4355-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1215793
CVE References: CVE-2023-40474
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): gstreamer-plugins-bad-1.12.5-150000.3.12.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): gstreamer-plugins-bad-1.12.5-150000.3.12.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): gstreamer-plugins-bad-1.12.5-150000.3.12.1
SUSE CaaS Platform 4.0 (src): gstreamer-plugins-bad-1.12.5-150000.3.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 12 Maintenance Automation 2023-11-03 16:30:09 UTC

SUSE-SU-2023:4361-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1215793
CVE References: CVE-2023-40474
Sources used:
openSUSE Leap 15.3 (src): gstreamer-plugins-bad-1.16.3-150300.9.9.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): gstreamer-plugins-bad-1.16.3-150300.9.9.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): gstreamer-plugins-bad-1.16.3-150300.9.9.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): gstreamer-plugins-bad-1.16.3-150300.9.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): gstreamer-plugins-bad-1.16.3-150300.9.9.1
SUSE Enterprise Storage 7.1 (src): gstreamer-plugins-bad-1.16.3-150300.9.9.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 13 Maintenance Automation 2023-11-03 16:30:12 UTC

SUSE-SU-2023:4360-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1215793
CVE References: CVE-2023-40474
Sources used:
openSUSE Leap 15.4 (src): gstreamer-plugins-bad-1.20.1-150400.3.6.1
Basesystem Module 15-SP4 (src): gstreamer-plugins-bad-1.20.1-150400.3.6.1
Desktop Applications Module 15-SP4 (src): gstreamer-plugins-bad-1.20.1-150400.3.6.1
SUSE Package Hub 15 15-SP4 (src): gstreamer-plugins-bad-1.20.1-150400.3.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 14 Maintenance Automation 2023-11-06 08:30:02 UTC

SUSE-SU-2023:4368-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1215793
CVE References: CVE-2023-40474
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): gstreamer-plugins-bad-1.8.3-18.6.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): gstreamer-plugins-bad-1.8.3-18.6.1
SUSE Linux Enterprise Server 12 SP5 (src): gstreamer-plugins-bad-1.8.3-18.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): gstreamer-plugins-bad-1.8.3-18.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 15 Cliff Zhao 2023-11-20 14:48:54 UTC

(In reply to Hu from comment #1)
> Tracking as affected:
> - SUSE:ALP:Source:Standard:1.0/gstreamer-plugins-bad  1.22.5 
> - SUSE:SLE-12-SP2:Update/gstreamer-plugins-bad        1.8.3  
> - SUSE:SLE-12:Update/gstreamer-plugins-bad            1.2.4  
...

gstreamer-plugins-bad in SUSE:SLE-12:Update is too old which don't have the gsth265parser.c module, So don't need to back port the CVE fix code.
[1] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ff91a3d8d6f7e2412c44663bf30fad5c7fdbc9d9

Comment 16 Maintenance Automation 2023-11-27 12:30:39 UTC

SUSE-SU-2023:4575-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1215793, 1215796
CVE References: CVE-2023-40474, CVE-2023-40476
Sources used:
openSUSE Leap 15.4 (src): gstreamer-plugins-bad-1.20.1-150400.3.9.1
Basesystem Module 15-SP4 (src): gstreamer-plugins-bad-1.20.1-150400.3.9.1
Desktop Applications Module 15-SP4 (src): gstreamer-plugins-bad-1.20.1-150400.3.9.1
SUSE Package Hub 15 15-SP4 (src): gstreamer-plugins-bad-1.20.1-150400.3.9.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 17 Maintenance Automation 2023-11-27 12:30:43 UTC

SUSE-SU-2023:4574-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1215793, 1215796
CVE References: CVE-2023-40474, CVE-2023-40476
Sources used:
Basesystem Module 15-SP5 (src): gstreamer-plugins-bad-1.22.0-150500.3.9.1
Desktop Applications Module 15-SP5 (src): gstreamer-plugins-bad-1.22.0-150500.3.9.1
SUSE Package Hub 15 15-SP5 (src): gstreamer-plugins-bad-1.22.0-150500.3.9.1
openSUSE Leap 15.5 (src): gstreamer-plugins-bad-1.22.0-150500.3.9.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 18 Maintenance Automation 2023-11-28 12:30:04 UTC

SUSE-SU-2023:4597-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1215793, 1215796
CVE References: CVE-2023-40474, CVE-2023-40476
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): gstreamer-plugins-bad-1.8.3-18.9.3
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): gstreamer-plugins-bad-1.8.3-18.9.3
SUSE Linux Enterprise Server 12 SP5 (src): gstreamer-plugins-bad-1.8.3-18.9.3
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): gstreamer-plugins-bad-1.8.3-18.9.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 19 Maintenance Automation 2023-11-28 12:30:07 UTC

SUSE-SU-2023:4596-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1215793, 1215796
CVE References: CVE-2023-40474, CVE-2023-40476
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): gstreamer-plugins-bad-1.12.5-150000.3.15.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): gstreamer-plugins-bad-1.12.5-150000.3.15.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): gstreamer-plugins-bad-1.12.5-150000.3.15.1
SUSE CaaS Platform 4.0 (src): gstreamer-plugins-bad-1.12.5-150000.3.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 20 Maintenance Automation 2023-11-28 12:30:15 UTC

SUSE-SU-2023:4595-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1215793, 1215796
CVE References: CVE-2023-40474, CVE-2023-40476
Sources used:
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): gstreamer-plugins-bad-1.16.3-150200.4.13.2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): gstreamer-plugins-bad-1.16.3-150200.4.13.2
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): gstreamer-plugins-bad-1.16.3-150200.4.13.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 21 Maintenance Automation 2023-11-28 12:30:24 UTC

SUSE-SU-2023:4594-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1215793, 1215796
CVE References: CVE-2023-40474, CVE-2023-40476
Sources used:
openSUSE Leap 15.3 (src): gstreamer-plugins-bad-1.16.3-150300.9.12.2
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): gstreamer-plugins-bad-1.16.3-150300.9.12.2
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): gstreamer-plugins-bad-1.16.3-150300.9.12.2
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): gstreamer-plugins-bad-1.16.3-150300.9.12.2
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): gstreamer-plugins-bad-1.16.3-150300.9.12.2
SUSE Enterprise Storage 7.1 (src): gstreamer-plugins-bad-1.16.3-150300.9.12.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 25 Marcus Meissner 2023-12-19 20:05:10 UTC

openSUSE-SU-2023:0409-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1215793,1215796
CVE References: CVE-2023-40474,CVE-2023-40476
JIRA References: 
Sources used:
openSUSE Leap 15.5 (src):    gstreamer-plugins-bad-1.22.0-lp155.3.7.1
openSUSE Leap 15.4 (src):    gstreamer-plugins-bad-1.20.1-lp154.2.9.1

Comment 30 Carlos López 2024-05-28 11:44:50 UTC

Done, closing.