GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MDPR chunks. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21443.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability     allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with     this library is required to exploit this vulnerability but attack vectors may vary depending on the     implementation. The specific flaw exists within the parsing of MDPR chunks. The issue results from the     lack of proper validation of user-supplied data, which can result in an integer overflow before allocating     a buffer. An attacker can leverage this vulnerability to execute code in the context of the current     process. Was ZDI-CAN-21443. (CVE-2023-38103)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Debian 11 / 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5476 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3226-1 advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3247-1 advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3222-1 advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
226271	Linux Distros Unpatched Vulnerability : CVE-2023-38103	Nessus	Misc.	high
179738	Debian DSA-5476-1 : gst-plugins-ugly1.0 - security update	Nessus	Debian Local Security Checks	high
179588	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gstreamer-plugins-ugly (SUSE-SU-2023:3226-1)	Nessus	SuSE Local Security Checks	high
179575	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gstreamer-plugins-ugly (SUSE-SU-2023:3247-1)	Nessus	SuSE Local Security Checks	high
179434	openSUSE 15 Security Update : gstreamer-plugins-ugly (SUSE-SU-2023:3222-1)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2023-38103

high

Tenable Plugins

high

high

high

high

high