CVE-2023-40476
Published: 2024-05-03
Priority: P2 · 60 · high · 8.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 2.01% (78.4th percentile)
GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of H265 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Was ZDI-CAN-21768.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gst-plugins-bad1.0 | < gst-plugins-bad1.0 1.22.0-4+deb12u2 (bookworm) | gst-plugins-bad1.0 1.22.0-4+deb12u2 (bookworm) |
| gstreamer | gstreamer | < 1.22.6 | 1.22.6 |
| gstreamer | gstreamer | — | — |
| ubuntu | gst-plugins-bad1.0 | — | — |
Detection & IOCs (extracted from sources)
- The vulnerability exists in H.265 (H265) video file parsing within GStreamer's gstreamer-plugins-bad / gstreamer1-plugins-bad-free package; detect processing of malformed H.265 encoded video files by the affected library.
- Monitor for stack-based buffer overflow conditions or integer overflow events triggered during H.265 video stream parsing in GStreamer Plugins Bad, which may precede a crash or code execution.
- Attack vectors vary depending on the implementation; any application that passes untrusted H.265 video data to GStreamer is potentially exposed.
- Red Hat rates this as Moderate impact because exploitation requires a local user and direct interaction with the library; remote exploitation depends on how the library is exposed by the application.
- Fixed versions are available: Debian bookworm fixed in 1.22.0-4+deb12u2, bullseye in 1.18.4-3+deb11u2, and sid/trixie/forky in 1.22.7-1. Ensure patched versions are deployed.
CVSS provenance
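| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | 3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | — | 8.8 | HIGH | — |
| vendor_debian | — | 8.8 | HIGH | — |
| vendor_redhat | — | 8.8 | HIGH | — |
| vendor_ubuntu | — | 8.8 | HIGH | — |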
Ubuntu
GStreamer Bad Plugins vulnerabilities
vendor_ubuntu·2026-04-23·CVSS 8.8
CVE-2023-40475 [HIGH] GStreamer Bad Plugins vulnerabilities
Title: GStreamer Bad Plugins vulnerabilities
Summary: Several security issues were fixed in GStreamer Bad Plugins.
It was discovered that multiple plugins in GStreamer contained arithmetic
overflows. An attacker could possibly use this issue to cause applications
using the plugins to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2023-37329, CVE-2023-40474, CVE-2023-40475,
CVE-2023-40476)
It was discovered that the MXF demuxer plugin in GStreamer did not
properly manage memory. An attacker could possibly use this issue to cause
applications using the plugin to crash, resulting in a denial of service,
or possibly execute arbitrary code. (CVE-2023-44446)
It was discovered that the H265 codec plugin in GStreamer could be made
to write out of bounds. An a
Ubuntu
GStreamer Bad Plugins vulnerabilities
vendor_ubuntu·2023-11-29
CVE-2023-40476 GStreamer Bad Plugins vulnerabilities
Title: GStreamer Bad Plugins vulnerabilities
Summary: Several security issues were fixed in GStreamer Bad Plugins.
It was discovered that GStreamer Bad Plugins incorrectly handled certain
media files. A remote attacker could use this issue to cause GStreamer
Bad Plugins to crash, resulting in a denial of service, or possibly
execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
gstreamer-plugins-bad: Integer overflow in H.265 video parser leading to stack overwrite
vendor_redhat·2023-09-20·CVSS 8.8
CVE-2023-40476 [HIGH] CWE-190 gstreamer-plugins-bad: Integer overflow in H.265 video parser leading to stack overwrite
gstreamer-plugins-bad: Integer overflow in H.265 video parser leading to stack overwrite
GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of H265 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Was ZDI-CAN-21768.
A stack-based buffer overflow was found
Debian
CVE-2023-40476: gst-plugins-bad1.0 - GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnera...
vendor_debian·2023·CVSS 8.8
CVE-2023-40476 [HIGH] CVE-2023-40476: gst-plugins-bad1.0 - GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnera...
GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21768.
Scope: local
bookworm: resolved (fixed in 1.22.0-4+deb12u2)
bullseye: resolved (fixed in 1.18.4-3+deb11u2)
forky: resolved (fixed
VulDB
GStreamer Parsing stack-based overflow (ZDI-23-1458 / Nessus ID 310734)
vuldb·2026-04-29·CVSS 8.8
CVE-2023-40476 [HIGH] GStreamer Parsing stack-based overflow (ZDI-23-1458 / Nessus ID 310734)
A vulnerability was found in GStreamer. It has been declared as critical. Affected by this issue is some unknown functionality of the component Parsing. Executing a manipulation can lead to stack-based buffer overflow.
This vulnerability is handled as CVE-2023-40476. The attack can be executed remotely. There is not any exploit available.
It is recommended to upgrade the affected component.
GHSA
GHSA-jh94-w345-vcxj: GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
ghsa_unreviewed·2024-05-03
CVE-2023-40476 [HIGH] CWE-121 GHSA-jh94-w345-vcxj: GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of H265 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21768.
OSV
CVE-2023-40476: GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
osv·2024-05-03·CVSS 8.8
CVE-2023-40476 [HIGH] CVE-2023-40476: GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21768.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://gstreamer.freedesktop.org/security/sa-2023-0008.html
- https://www.zerodayinitiative.com/advisories/ZDI-23-1458/
- https://lists.debian.org/debian-lts-announce/2023/10/msg00038.html