1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.RC

  • Bug#1108973: gst-plugins-bad1.0: CVE-2025-6663

    From Salvatore Bonaccorso@21:1/5 to All on Tue Jul 8 21:20:01 2025
    Source: gst-plugins-bad1.0
    Version: 1.26.2-2
    Severity: grave
    Tags: security upstream
    Justification: user security hole
    X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

    Hi,

    The following vulnerability was published for gst-plugins-bad1.0.

    CVE-2025-6663[0]:
    | GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code
    | Execution Vulnerability. This vulnerability allows remote attackers
    | to execute arbitrary code on affected installations of GStreamer.
    | Interaction with this library is required to exploit this
    | vulnerability but attack vectors may vary depending on the
    | implementation. The specific flaw exists within the parsing of H266
    | sei messages. The issue results from the lack of proper validation
    | of the length of user-supplied data prior to copying it to a fixed-
    | length stack-based buffer. An attacker can leverage this
    | vulnerability to execute code in the context of the current process.
    | Was ZDI-CAN-27381.


    If you fix the vulnerability please also make sure to include the
    CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

    For further information see:

    [0] https://security-tracker.debian.org/tracker/CVE-2025-6663
    https://www.cve.org/CVERecord?id=CVE-2025-6663
    [1] https://www.zerodayinitiative.com/advisories/ZDI-25-467/
    [2] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/596cf19c0c4c92b31c4ef315a0278586b0772b93

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Salvatore Bonaccorso@21:1/5 to All on Tue Jul 8 21:30:01 2025
    close 1108973 1.26.3-1
    thanks

    Fixed in experimental.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Debian Bug Tracking System@21:1/5 to All on Thu Jul 10 10:40:02 2025
    This is a multi-part message in MIME format...

    Your message dated Thu, 10 Jul 2025 08:34:24 +0000
    with message-id <[email protected]>
    and subject line Bug#1108973: fixed in gst-plugins-bad1.0 1.26.2-3
    has caused the Debian Bug report #1108973,
    regarding gst-plugins-bad1.0: CVE-2025-6663
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected]
    immediately.)


    --
    1108973: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108973
    Debian Bug Tracking System
    Contact [email protected] with problems

    Received: (at submit) by bugs.debian.org; 8 Jul 2025 19:14:44 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02
    (2024-03-25) on buxtehude.debian.org
    X-Spam-Level:
    X-Spam-Status: No, score=-9.6 required=4.0 tests=BAYES_00,FROMDEVELOPER,
    KHOP_HELO_FCRDNS,MD5_SHA1_SUM,RDNS_DYNAMIC,SPF_HELO_NONE,SPF_NONE,
    XMAILER_REPORTBUG autolearn=ham autolearn_force=no
    version=4.0.1-bugs.debian.org_2005_01_02
    X-Spam-Bayes: score:0.0000 Tokens: new, 25; hammy, 150; neutral, 71; spammy,
    0. spammytokens: hammytokens:0.000-+--H*F:U*carnil,
    0.000-+--XDebbugsCc, 0.000-+--X-Debbugs-Cc, 0.000-+--H*r:eldamar.lan,
    0.000-+--H*M:reportbug
    Return-path: <[email protected]>
    Received: from c-82-192-244-13.customer.ggaweb.ch ([82.192.244.13]:54980 helo=eldamar.lan)
    by buxtehude.debian.org with esmtp (Exim 4.96)
    (envelope-from <[email protected]>)