HCE2-SA-2024-0010 Moderate HCE 2.0 Security Fix(es): A heap-buffer overflow flaw was found in the MXF file demuxer in the GStreamer Plugins Bad when handling malformed files with AES3 audio. This issue requires user interaction with the library and may allow a malicious user to cause an integer overflow before allocating the buffer, triggering a crash or code execution via heap manipulation, executing code in the context of the current process. (CVE-2023-40475) A heap-buffer overflow flaw was found in the MXF file demuxer in the GStreamer Plugins Bad when handling malformed files with an uncompressed video. This issue requires user interaction with the library, and could allow a malicious user to cause an integer overflow before allocating the buffer, triggering a crash or code execution via heap manipulation, executing code in the context of the current process. (CVE-2023-40474) A stack-based buffer overflow was found in the GStreamer Plugins Bad when handling malformed files with H.265 video streams. This issue requires user interaction with the library and may allow a malicious user to cause an integer overflow before allocating the buffer, triggering a crash or code execution via heap manipulation, executing code in the context of the current process. (CVE-2023-40476) HCE 2.0 gstreamer1-plugins-bad-free-1.16.2-6.hce2.aarch64.rpm gstreamer1-plugins-bad-free-devel-1.16.2-6.hce2.aarch64.rpm gstreamer1-plugins-bad-free-1.16.2-6.hce2.x86_64.rpm gstreamer1-plugins-bad-free-devel-1.16.2-6.hce2.x86_64.rpm