USN-7807-1

Michael Randrianantenaina discovered that GStreamer Base Plugins did not correctly handle certain integer operations. An attacker could possibly use this issue to execute arbitrary code. (CVE-2023-37327, CVE-2024-4453)

Michael Randrianantenaina discovered that GStreamer Base Plugins did not correctly handle certain memory operations. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2023-37328)

Antonio Morales discovered that GStreamer Base Plugins did not correctly handle certain memory operations. An attacker could possibly use this issue to execute arbitrary code. (CVE-2024-47538)

Antonio Morales discovered that GStreamer Base Plugins did not correctly handle parsing certain inputs, which could lead to an out-of-bounds access vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2024-47541, CVE-2024-47615)

Antonio Morales discovered that GStreamer Base Plugins did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-47542, CVE-2024-47607, CVE-2024-47835)

References

Affected packages

Ubuntu:Pro:16.04:LTS / gst-plugins-base1.0

Package

Name: gst-plugins-base1.0
Purl: pkg:deb/ubuntu/gst-plugins-base1.0@1.8.3-1ubuntu0.3+esm2?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.3-1ubuntu0.3+esm2

Affected versions

1.*

1.6.0-1ubuntu1

1.6.1-1ubuntu1

1.6.2-1ubuntu1

1.7.1-1ubuntu1

1.7.2-1ubuntu1

1.7.90-1ubuntu1

1.7.91-1ubuntu1

1.8.0-1ubuntu1

1.8.1-1ubuntu0.1

1.8.2-1ubuntu0.1

1.8.2-1ubuntu0.2

1.8.3-1ubuntu0.1

1.8.3-1ubuntu0.2

1.8.3-1ubuntu0.3

1.8.3-1ubuntu0.3+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gir1.2-gst-plugins-base-1.0",
            "binary_version": "1.8.3-1ubuntu0.3+esm2"
        },
        {
            "binary_name": "gstreamer1.0-alsa",
            "binary_version": "1.8.3-1ubuntu0.3+esm2"
        },
        {
            "binary_name": "gstreamer1.0-plugins-base",
            "binary_version": "1.8.3-1ubuntu0.3+esm2"
        },
        {
            "binary_name": "gstreamer1.0-plugins-base-apps",
            "binary_version": "1.8.3-1ubuntu0.3+esm2"
        },
        {
            "binary_name": "gstreamer1.0-x",
            "binary_version": "1.8.3-1ubuntu0.3+esm2"
        },
        {
            "binary_name": "libgstreamer-plugins-base1.0-0",
            "binary_version": "1.8.3-1ubuntu0.3+esm2"
        },
        {
            "binary_name": "libgstreamer-plugins-base1.0-dev",
            "binary_version": "1.8.3-1ubuntu0.3+esm2"
        }
    ],
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}

Database specific

cves_map

{
    "cves": [
        {
            "id": "CVE-2023-37327",
            "severity": [
                {
                    "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2024-4453",
            "severity": [
                {
                    "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2024-47538",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                    "type": "CVSS_V4"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2024-47541",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                    "type": "CVSS_V4"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2024-47542",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                    "type": "CVSS_V4"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2024-47607",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                    "type": "CVSS_V4"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2024-47615",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                    "type": "CVSS_V4"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2024-47835",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                    "type": "CVSS_V4"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        }
    ],
    "ecosystem": "Ubuntu:Pro:16.04:LTS"
}

Ubuntu:Pro:18.04:LTS / gst-plugins-base1.0

Package

Name: gst-plugins-base1.0
Purl: pkg:deb/ubuntu/gst-plugins-base1.0@1.14.5-0ubuntu1~18.04.3+esm1?arch=source&distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.14.5-0ubuntu1~18.04.3+esm1

Affected versions

1.*

1.12.3-1

1.12.4-1

1.13.1-1ubuntu1

1.13.91-1ubuntu1

1.14.0-1ubuntu1

1.14.0-2ubuntu1

1.14.1-1ubuntu1~ubuntu18.04.1

1.14.1-1ubuntu1~ubuntu18.04.2

1.14.4-1ubuntu1.1~ubuntu18.04.1

1.14.5-0ubuntu1~18.04.1

1.14.5-0ubuntu1~18.04.2

1.14.5-0ubuntu1~18.04.3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gir1.2-gst-plugins-base-1.0",
            "binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
        },
        {
            "binary_name": "gstreamer1.0-alsa",
            "binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
        },
        {
            "binary_name": "gstreamer1.0-gl",
            "binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
        },
        {
            "binary_name": "gstreamer1.0-plugins-base",
            "binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
        },
        {
            "binary_name": "gstreamer1.0-plugins-base-apps",
            "binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
        },
        {
            "binary_name": "gstreamer1.0-x",
            "binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
        },
        {
            "binary_name": "libgstreamer-gl1.0-0",
            "binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
        },
        {
            "binary_name": "libgstreamer-plugins-base1.0-0",
            "binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
        },
        {
            "binary_name": "libgstreamer-plugins-base1.0-dev",
            "binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
        }
    ],
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}

Database specific

cves_map

{
    "cves": [
        {
            "id": "CVE-2023-37327",
            "severity": [
                {
                    "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2023-37328",
            "severity": [
                {
                    "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2024-4453",
            "severity": [
                {
                    "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2024-47538",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                    "type": "CVSS_V4"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2024-47541",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                    "type": "CVSS_V4"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2024-47542",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                    "type": "CVSS_V4"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2024-47600",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
                    "type": "CVSS_V4"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2024-47607",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                    "type": "CVSS_V4"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2024-47615",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                    "type": "CVSS_V4"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2024-47835",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                    "type": "CVSS_V4"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        }
    ],
    "ecosystem": "Ubuntu:Pro:18.04:LTS"
}