Advisories » MGASA-2024-0215

Updated 0-plugins-base packages fix security vulnerability

Publication date: 08 Jun 2024
Modification date: 08 Jun 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-4453

Description

GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution
Vulnerability. This vulnerability allows remote attackers to execute
arbitrary code on affected installations of GStreamer. Interaction with
this library is required to exploit this vulnerability but attack
vectors may vary depending on the implementation. The specific flaw
exists within the parsing of EXIF metadata. The issue results from the
lack of proper validation of user-supplied data, which can result in an
integer overflow before allocating a buffer. An attacker can leverage
this vulnerability to execute code in the context of the current
process. (CVE-2024-4453)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33259
• https://lwn.net/Articles/976177/
• https://gstreamer.freedesktop.org/security/sa-2024-0002.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4453

SRPMS

9/core

• gstreamer1.0-plugins-base-1.22.11-1.1.mga9