{"affected":[{"ecosystem_specific":{"binaries":[{"libgstphotography-1_0-0":"1.20.1-150400.3.9.1","libgstplay-1_0-0":"1.20.1-150400.3.9.1","libgstplayer-1_0-0":"1.20.1-150400.3.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP4","name":"gstreamer-plugins-bad","purl":"pkg:rpm/suse/gstreamer-plugins-bad&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.20.1-150400.3.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"gstreamer-plugins-bad":"1.20.1-150400.3.9.1","gstreamer-plugins-bad-chromaprint":"1.20.1-150400.3.9.1","gstreamer-plugins-bad-devel":"1.20.1-150400.3.9.1","gstreamer-plugins-bad-lang":"1.20.1-150400.3.9.1","libgstadaptivedemux-1_0-0":"1.20.1-150400.3.9.1","libgstbadaudio-1_0-0":"1.20.1-150400.3.9.1","libgstbasecamerabinsrc-1_0-0":"1.20.1-150400.3.9.1","libgstcodecparsers-1_0-0":"1.20.1-150400.3.9.1","libgstcodecs-1_0-0":"1.20.1-150400.3.9.1","libgstinsertbin-1_0-0":"1.20.1-150400.3.9.1","libgstisoff-1_0-0":"1.20.1-150400.3.9.1","libgstmpegts-1_0-0":"1.20.1-150400.3.9.1","libgstsctp-1_0-0":"1.20.1-150400.3.9.1","libgsturidownloader-1_0-0":"1.20.1-150400.3.9.1","libgstva-1_0-0":"1.20.1-150400.3.9.1","libgstvulkan-1_0-0":"1.20.1-150400.3.9.1","libgstwayland-1_0-0":"1.20.1-150400.3.9.1","libgstwebrtc-1_0-0":"1.20.1-150400.3.9.1","typelib-1_0-GstBadAudio-1_0":"1.20.1-150400.3.9.1","typelib-1_0-GstCodecs-1_0":"1.20.1-150400.3.9.1","typelib-1_0-GstInsertBin-1_0":"1.20.1-150400.3.9.1","typelib-1_0-GstMpegts-1_0":"1.20.1-150400.3.9.1","typelib-1_0-GstPlay-1_0":"1.20.1-150400.3.9.1","typelib-1_0-GstPlayer-1_0":"1.20.1-150400.3.9.1","typelib-1_0-GstWebRTC-1_0":"1.20.1-150400.3.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15 SP4","name":"gstreamer-plugins-bad","purl":"pkg:rpm/suse/gstreamer-plugins-bad&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.20.1-150400.3.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libgsttranscoder-1_0-0":"1.20.1-150400.3.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP4","name":"gstreamer-plugins-bad","purl":"pkg:rpm/suse/gstreamer-plugins-bad&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.20.1-150400.3.9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for gstreamer-plugins-bad fixes the following issues:\n\n- CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video (bsc#1215796).\n- CVE-2023-40476: Fixed possible overflow using max_sub_layers_minus1 (bsc#1215793).\n","id":"SUSE-SU-2023:4575-1","modified":"2023-11-27T08:29:33Z","published":"2023-11-27T08:29:33Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20234575-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215793"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215796"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-40474"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-40476"}],"related":["CVE-2023-40474","CVE-2023-40476"],"summary":"Security update for gstreamer-plugins-bad","upstream":["CVE-2023-40474","CVE-2023-40476"]}