CVE-2023-37328Heap-based Buffer Overflow in Gstreamer

CWE-122Heap-based Buffer OverflowCWE-787Out-of-bounds Write9 documents6 sources
Severity
8.8HIGHNVD
EPSS
7.7%
top 8.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GstreamerDebian Gst-plugins-base1.0
Timeline
PublishedMay 3
Latest updateOct 7

Description

GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of PGS subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to c

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDgstreamer/gstreamer1.22.01.22.4+1
CVEListV5gstreamer/gstreamer1.22 and latest commit 6dff93acf69c40271a769aa2fa35efbcc2aeb9b4
debiandebian/gst-plugins-base1.0< gst-plugins-base1.0 1.22.0-3+deb12u1 (bookworm)

🔴Vulnerability Details

4
OSV
gst-plugins-base1.0 vulnerabilities2025-10-07
GHSA
GHSA-cvqg-h5hx-c2m4: GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability2024-05-03
OSV
CVE-2023-37328: GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability2024-05-03
OSV
gst-plugins-base1.0 vulnerabilities2023-08-02

📋Vendor Advisories

4
Ubuntu
GStreamer Base Plugins vulnerabilities2025-10-07
Ubuntu
GStreamer Base Plugins vulnerabilities2023-08-02
Red Hat
gstreamer-plugins-base: heap overwrite in subtitle parsing2023-07-05
Debian
CVE-2023-37328: gst-plugins-base1.0 - GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vuln...2023
CVE-2023-37328 — Heap-based Buffer Overflow | cvebase