CVE-2023-50186
Published 2024-05-03
CVE-2023-50186: GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Priority: P259 · high · CVSS 3.1: 8.8
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 1.53% (71.7th percentile)
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of metadata within AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22300.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gst-plugins-bad1.0 | < gst-plugins-bad1.0 1.22.0-4+deb12u4 (bookworm) | gst-plugins-bad1.0 1.22.0-4+deb12u4 (bookworm) |
| gstreamer | gstreamer | < 1.22.8 | 1.22.8 |
| gstreamer | gstreamer | — | — |
Detection & IOCs (extracted from sources)
- The vulnerability exists in the AV1 video parser within GStreamer's gstreamer-plugins-bad. Detection should focus on processing of AV1 encoded video files, specifically metadata parsing where a user-supplied length is not validated before copying to a fixed-length stack-based buffer.
- The attack vector is remote and requires the target to interact with (open/parse) a malformed AV1 encoded video file via an application using the GStreamer AV1 codec plugin (gstreamer-plugins-bad / gstreamer1-plugins-bad-free).
- Monitor applications using the GStreamer AV1 codec plugin for crashes or unexpected code execution when opening media files; a crash may indicate an exploitation attempt or a successful exploit.
- RHEL 7 and RHEL 8 are NOT affected because their GStreamer versions do not include the AV1 parser; no detection or patching action is needed on those platforms.
- On Ubuntu, only Ubuntu 22.04 LTS is affected by CVE-2023-50186; other Ubuntu releases are not impacted.
- On Debian, the vulnerability is resolved in gstreamer1.0-plugins-bad 1.22.0-4+deb12u4 (bookworm) and 1.22.8-1 (forky/trixie/sid). Ensure patched versions are deployed.
CVSS provenance
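| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | 3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | HIGH | |
| vendor_redhat | | 8.8 | HIGH | |
| vendor_ubuntu | | 8.8 | HIGH | |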
OSV
gst-plugins-bad1.0 vulnerabilities
osv·2025-06-05·CVSS 8.8
CVE-2023-50186 [HIGH] gst-plugins-bad1.0 vulnerabilities
It was discovered that the AV1 codec plugin in GStreamer could be made
to write out of bounds. An attacker could possibly use this issue to
cause applications using the plugin to crash, resulting in a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 22.04 LTS. (CVE-2023-50186, CVE-2024-0444)
It was discovered that the H265 codec plugin in GStreamer could be made
to write out of bounds. An attacker could possibly use this issue to
cause applications using the plugin to crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2025-3887)
OSV
CVE-2023-50186: GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
osv·2024-05-03·CVSS 8.8
CVE-2023-50186 [HIGH] CVE-2023-50186: GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
GHSA
GHSA-4rp4-77f3-px46: GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
ghsa_unreviewed·2024-05-03
CVE-2023-50186 [HIGH] CWE-121 GHSA-4rp4-77f3-px46: GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Ubuntu
GStreamer Bad Plugins vulnerabilities
vendor_ubuntu·2025-06-05·CVSS 8.8
CVE-2023-50186 [HIGH] GStreamer Bad Plugins vulnerabilities
Title: GStreamer Bad Plugins vulnerabilities
Summary: Several security issues were fixed in GStreamer Bad Plugins.
Instructions: In general, a standard system update will make all the necessar
Red Hat
gstreamer-plugins-bad-free: buffer overflow vulnerability
vendor_redhat·2023-12-22·CVSS 8.8
CVE-2023-50186 [HIGH] CWE-120 gstreamer-plugins-bad-free: buffer overflow vulnerability
A buffer overflow vulnerability was found in the gst
Debian
CVE-2023-50186: gst-plugins-bad1.0 - GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vu...
vendor_debian·2023·CVSS 8.8
CVE-2023-50186 [HIGH] CVE-2023-50186: gst-plugins-bad1.0 - GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vu...
Scope: local
bookworm: resolved (fixed in 1.22.0-4+deb12u4)
bullseye: resolved
forky: resolved (fixed in 1.22.8-
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-05-03