Back

Multiple Vulnerabilities in GStreamer Bad Plugins Affect Ubuntu Users

Severity: Medium (Score: 57.9)

Sources: Ubuntu, Linuxsecurity

Summary

Multiple vulnerabilities have been identified in GStreamer Bad Plugins affecting Ubuntu 18.04 LTS and 16.04 LTS. The vulnerabilities include arithmetic overflows and improper memory management, which could allow attackers to crash applications or execute arbitrary code. Specific CVEs associated with these vulnerabilities are CVE-2023-37329, CVE-2023-40474, CVE-2023-40475, CVE-2023-40476, and CVE-2023-44446, all published on 2024-05-03. Additionally, CVE-2025-3887 was published on 2025-05-22, related to the H265 codec plugin. Users are advised to update their systems to mitigate these risks. The vulnerabilities could potentially lead to denial of service attacks. The affected software includes gst-plugins-bad1.0 and its associated libraries. Current status indicates that patches are available for the affected versions. Key Points: • Multiple vulnerabilities in GStreamer Bad Plugins affect Ubuntu 18.04 and 16.04 LTS. • Attackers could exploit these vulnerabilities to crash applications or execute arbitrary code. • Patches are available; users should update their systems to mitigate risks.

Key Entities

  • Zero-day Exploit (attack_type)
  • CVE-2023-37329 (cve)
  • CVE-2023-40474 (cve)
  • CVE-2023-40475 (cve)
  • CVE-2023-40476 (cve)
  • CVE-2023-44446 (cve)
  • Cwe-190 - Integer Overflow Or Wraparound (cwe)
  • Cwe-787 - Out-of-bounds Write (cwe)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed