ZDI-24-467: GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability | allinfosecnews.com

May 17, 2024, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-4453.

arbitrary code attack attackers attack vectors code code execution cve cve-2024 cves cvss exif exploit implementation integer integer overflow library may metadata overflow parsing rating remote code remote code execution vulnerability zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-778: Linux Kernel USB Core Out-Of-Bounds Read Local Privilege Escalation Vulnerability 4 days, 13 hours ago | www.zerodayinitiative.com

attackers authentication cvss escalation +14

ZDI-24-777: Linux Kernel ksmbd Out-Of-Bounds Read Information Disclosure Vulnerability 4 days, 13 hours ago | www.zerodayinitiative.com

attackers authentication configuration cvss +18

ZDI-24-776: (Pwn2Own) Oracle VirtualBox OHCI USB Controller Use-After-Free Local Privilege Escalation Vulnerability 4 days, 13 hours ago | www.zerodayinitiative.com

attacker attackers code controller +24

ZDI-24-670: (0Day) Famatech Advanced IP Scanner Uncontrolled Search Path Element Local Privilege Escalation Vulnerability 5 days, 13 hours ago | www.zerodayinitiative.com

0day advanced attacker attackers +21

ZDI-24-677: (0Day) Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability 5 days, 13 hours ago | www.zerodayinitiative.com

0day attackers bypass bypass vulnerability +19

ZDI-24-676: (0Day) Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability 5 days, 13 hours ago | www.zerodayinitiative.com

0day attackers authentication bypass +14

ZDI-24-675: (0Day) Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability 5 days, 13 hours ago | www.zerodayinitiative.com

0day attackers authentication bypass +16

ZDI-24-674: (0Day) Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution … 5 days, 13 hours ago | www.zerodayinitiative.com

0day arbitrary code attackers authentication +22

ZDI-24-673: (0Day) Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability 5 days, 13 hours ago | www.zerodayinitiative.com

0day attackers authentication cve +13

Information Technology Specialist I, LACERA: Information Security Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA

View on infosec-jobs.com

Sales Engineer - Customer Success

@ Arctic Wolf | Eden Prairie

View on infosec-jobs.com

Director, Risk Management Strategy and Operations

@ Amgen | US - California - Thousand Oaks - Field/Remote

View on infosec-jobs.com

Risk Consulting - Protect Tech -Staff-General skill

@ EY | Noida, UP, IN, 201301

View on infosec-jobs.com

Lead Systems Engineer (Tranche 1)

@ The Aerospace Corporation | Chantilly

View on infosec-jobs.com

Lead Systems Engineer (Tranche 3)

@ The Aerospace Corporation | Chantilly

View on infosec-jobs.com