Alpine: multiple gst-plugins-ugly packages: security update to 1.22.5-r0

Severity: High | Tenable Cloud Security Plugin ID 408036

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability
allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with
this library is required to exploit this vulnerability but attack vectors may vary depending on the
implementation. The specific flaw exists within the parsing of MDPR chunks. The issue results from the
lack of proper validation of user-supplied data, which can result in an integer overflow before allocating
a buffer. An attacker can leverage this vulnerability to execute code in the context of the current
process. Was ZDI-CAN-21443. (CVE-2023-38103)

- GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability
allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with
this library is required to exploit this vulnerability but attack vectors may vary depending on the
implementation. The specific flaw exists within the parsing of MDPR chunks. The issue results from the
lack of proper validation of user-supplied data, which can result in an integer overflow before allocating
a buffer. An attacker can leverage this vulnerability to execute code in the context of the current
process. Was ZDI-CAN-21444. (CVE-2023-38104)

See Also

https://security.alpinelinux.org/vuln/CVE-2023-38103

https://security.alpinelinux.org/vuln/CVE-2023-38104

Plugin Details

Severity: High

ID: 408036

Version: Revision 1.18

Type: Local

Published: 11/17/2023

Updated: 6/24/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-38104

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 5/3/2024

Reference Information

CVE: CVE-2023-38103, CVE-2023-38104