usn-7807-1
Vulnerability from osv_ubuntu
Published
2025-10-07 03:19
Modified
2026-06-25 10:46
Summary
gst-plugins-base1.0 vulnerabilities
Details

Michael Randrianantenaina discovered that GStreamer Base Plugins did not correctly handle certain integer operations. An attacker could possibly use this issue to execute arbitrary code. (CVE-2023-37327, CVE-2024-4453)

Michael Randrianantenaina discovered that GStreamer Base Plugins did not correctly handle certain memory operations. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2023-37328)

Antonio Morales discovered that GStreamer Base Plugins did not correctly handle certain memory operations. An attacker could possibly use this issue to execute arbitrary code. (CVE-2024-47538)

Antonio Morales discovered that GStreamer Base Plugins did not correctly handle parsing certain inputs, which could lead to an out-of-bounds access vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2024-47541, CVE-2024-47615)

Antonio Morales discovered that GStreamer Base Plugins did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-47542, CVE-2024-47607, CVE-2024-47835)

Antonio Morales discovered that GStreamer Base Plugins did not correctly handle parsing certain inputs, which could lead to an out-of-bounds access vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2024-47600)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2023-37327",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-4453",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-47538",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                  "type": "CVSS_V4"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-47541",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                  "type": "CVSS_V4"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-47542",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                  "type": "CVSS_V4"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-47607",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                  "type": "CVSS_V4"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-47615",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                  "type": "CVSS_V4"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-47835",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                  "type": "CVSS_V4"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:Pro:16.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "gir1.2-gst-plugins-base-1.0",
            "binary_version": "1.8.3-1ubuntu0.3+esm2"
          },
          {
            "binary_name": "gstreamer1.0-alsa",
            "binary_version": "1.8.3-1ubuntu0.3+esm2"
          },
          {
            "binary_name": "gstreamer1.0-plugins-base",
            "binary_version": "1.8.3-1ubuntu0.3+esm2"
          },
          {
            "binary_name": "gstreamer1.0-plugins-base-apps",
            "binary_version": "1.8.3-1ubuntu0.3+esm2"
          },
          {
            "binary_name": "gstreamer1.0-x",
            "binary_version": "1.8.3-1ubuntu0.3+esm2"
          },
          {
            "binary_name": "libgstreamer-plugins-base1.0-0",
            "binary_version": "1.8.3-1ubuntu0.3+esm2"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:16.04:LTS",
        "name": "gst-plugins-base1.0",
        "purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.8.3-1ubuntu0.3+esm2?arch=source\u0026distro=esm-infra/xenial"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.8.3-1ubuntu0.3+esm2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.6.0-1ubuntu1",
        "1.6.1-1ubuntu1",
        "1.6.2-1ubuntu1",
        "1.7.1-1ubuntu1",
        "1.7.2-1ubuntu1",
        "1.7.90-1ubuntu1",
        "1.7.91-1ubuntu1",
        "1.8.0-1ubuntu1",
        "1.8.1-1ubuntu0.1",
        "1.8.2-1ubuntu0.1",
        "1.8.2-1ubuntu0.2",
        "1.8.3-1ubuntu0.1",
        "1.8.3-1ubuntu0.2",
        "1.8.3-1ubuntu0.3",
        "1.8.3-1ubuntu0.3+esm1"
      ]
    },
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2023-37327",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-37328",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-4453",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-47538",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                  "type": "CVSS_V4"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-47541",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                  "type": "CVSS_V4"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-47542",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                  "type": "CVSS_V4"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-47600",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
                  "type": "CVSS_V4"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-47607",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                  "type": "CVSS_V4"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-47615",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                  "type": "CVSS_V4"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-47835",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                  "type": "CVSS_V4"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:Pro:18.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "gir1.2-gst-plugins-base-1.0",
            "binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
          },
          {
            "binary_name": "gstreamer1.0-alsa",
            "binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
          },
          {
            "binary_name": "gstreamer1.0-gl",
            "binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
          },
          {
            "binary_name": "gstreamer1.0-plugins-base",
            "binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
          },
          {
            "binary_name": "gstreamer1.0-plugins-base-apps",
            "binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
          },
          {
            "binary_name": "gstreamer1.0-x",
            "binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
          },
          {
            "binary_name": "libgstreamer-gl1.0-0",
            "binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
          },
          {
            "binary_name": "libgstreamer-plugins-base1.0-0",
            "binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:18.04:LTS",
        "name": "gst-plugins-base1.0",
        "purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.14.5-0ubuntu1~18.04.3+esm1?arch=source\u0026distro=esm-infra/bionic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.14.5-0ubuntu1~18.04.3+esm1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.12.3-1",
        "1.12.4-1",
        "1.13.1-1ubuntu1",
        "1.13.91-1ubuntu1",
        "1.14.0-1ubuntu1",
        "1.14.0-2ubuntu1",
        "1.14.1-1ubuntu1~ubuntu18.04.1",
        "1.14.1-1ubuntu1~ubuntu18.04.2",
        "1.14.4-1ubuntu1.1~ubuntu18.04.1",
        "1.14.5-0ubuntu1~18.04.1",
        "1.14.5-0ubuntu1~18.04.2",
        "1.14.5-0ubuntu1~18.04.3"
      ]
    }
  ],
  "aliases": [],
  "details": "Michael Randrianantenaina discovered that GStreamer Base Plugins did not\ncorrectly handle certain integer operations. An attacker could possibly\nuse this issue to execute arbitrary code. (CVE-2023-37327, CVE-2024-4453)\n\nMichael Randrianantenaina discovered that GStreamer Base Plugins did not\ncorrectly handle certain memory operations. An attacker could possibly\nuse this issue to execute arbitrary code. This issue only affected\nUbuntu 18.04 LTS. (CVE-2023-37328)\n\nAntonio Morales discovered that GStreamer Base Plugins did not correctly\nhandle certain memory operations. An attacker could possibly use this\nissue to execute arbitrary code. (CVE-2024-47538)\n\nAntonio Morales discovered that GStreamer Base Plugins did not correctly\nhandle parsing certain inputs, which could lead to an out-of-bounds access\nvulnerability. An attacker could possibly use this issue to cause a denial\nof service or execute arbitrary code. (CVE-2024-47541, CVE-2024-47615)\n\nAntonio Morales discovered that GStreamer Base Plugins did not correctly\nhandle certain memory operations. An attacker could possibly use this\nissue to cause a denial of service. (CVE-2024-47542, CVE-2024-47607,\nCVE-2024-47835)\n\nAntonio Morales discovered that GStreamer Base Plugins did not correctly\nhandle parsing certain inputs, which could lead to an out-of-bounds access\nvulnerability. An attacker could possibly use this issue to cause a denial\nof service or execute arbitrary code. This issue only affected\nUbuntu 18.04 LTS. (CVE-2024-47600)",
  "id": "USN-7807-1",
  "modified": "2026-06-25T10:46:58Z",
  "published": "2025-10-07T03:19:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-7807-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-37327"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-37328"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2024-4453"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2024-47538"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2024-47541"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2024-47542"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2024-47600"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2024-47607"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2024-47615"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2024-47835"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "gst-plugins-base1.0 vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2023-37327",
    "UBUNTU-CVE-2023-37328",
    "UBUNTU-CVE-2024-4453",
    "UBUNTU-CVE-2024-47538",
    "UBUNTU-CVE-2024-47541",
    "UBUNTU-CVE-2024-47542",
    "UBUNTU-CVE-2024-47600",
    "UBUNTU-CVE-2024-47607",
    "UBUNTU-CVE-2024-47615",
    "UBUNTU-CVE-2024-47835"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…