Security Advisory 2023-0007
Integer overflow leading to heap overwrite in MXF file handling with AES3 audio
GStreamer gst-plugins-bad < 1.22.6
Heap-based buffer overflow in the MXF file demuxer when handling malformed files with AES3 audio in GStreamer versions before 1.22.6.
It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.
The gst-plugins-bad 1.22.6 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.
The GStreamer project
CVE Database Entries
GStreamer 1.22.6 release
(includes patch for SA-2023-0006 / ZDI-CAN-21660 / CVE-2023-40474)