CVE-2023-37327

HIGH Year: 2023
CVSS v3 Score
7.6
High
Weakness Type
CWE-190
View all →

Vulnerability Description

GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of FLAC audio files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20775.

Related Vulnerabilities

CVE-2022-1728

HIGH
CVSS:7.6(High)

Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability can be abused by doing a DDoS attack for which genuine user...

CWE-1902022

CVE-2022-1812

HIGH
CVSS:7.6(High)

Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10.

CWE-1902022

CVE-2022-1926

HIGH
CVSS:7.6(High)

Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3.

CWE-1902022

CVE-2011-1298

HIGH
CVSS:7.5(High)

An Integer Overflow exists in WebKit in Google Chrome before Blink M11 in the macOS WebCore::GraphicsContext::fillRect function.

CWE-1902011

CVE-2012-1610

HIGH
CVSS:7.5(High)

Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component coun...

CWE-1902012

CVE-2013-2806

HIGH
CVSS:7.5(High)

Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic...

CWE-1902013