{"id":"MGASA-2024-0215","summary":"Updated 0-plugins-base packages fix security vulnerability","details":"GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution\nVulnerability. This vulnerability allows remote attackers to execute\narbitrary code on affected installations of GStreamer. Interaction with\nthis library is required to exploit this vulnerability but attack\nvectors may vary depending on the implementation. The specific flaw\nexists within the parsing of EXIF metadata. The issue results from the\nlack of proper validation of user-supplied data, which can result in an\ninteger overflow before allocating a buffer. An attacker can leverage\nthis vulnerability to execute code in the context of the current\nprocess. (CVE-2024-4453)\n","modified":"2026-04-16T00:09:46.875229785Z","published":"2024-06-08T16:34:17Z","upstream":["CVE-2024-4453"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0215.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33259"},{"type":"WEB","url":"https://lwn.net/Articles/976177/"},{"type":"WEB","url":"https://gstreamer.freedesktop.org/security/sa-2024-0002.html"}],"affected":[{"package":{"name":"gstreamer1.0-plugins-base","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/gstreamer1.0-plugins-base?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.22.11-1.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0215.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}