Updated gstreamer1.0 packages fix vulnerability
Publication date: 10 Apr 2024Modification date: 10 Apr 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-0444
Description
Heap-based buffer overflow in the AV1 codec parser when handling certain malformed streams before GStreamer 1.22.9 It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.
References
SRPMS
9/core
- gstreamer1.0-1.22.11-1.mga9
- gstreamer1.0-devtools-1.22.11-1.mga9
- gstreamer1.0-editing-services-1.22.11-1.mga9
- gstreamer1.0-libav-1.22.11-1.mga9
- gstreamer1.0-moodbar-1.3.0-1.mga9
- gstreamer1.0-omx-1.22.11-1.mga9
- gstreamer1.0-plugins-bad-1.22.11-1.mga9
- gstreamer1.0-plugins-base-1.22.11-1.mga9
- gstreamer1.0-plugins-good-1.22.11-1.mga9
- gstreamer1.0-plugins-ugly-1.22.11-1.mga9
- gstreamer1.0-python-1.22.11-1.mga9
- gstreamer1.0-rtsp-server-1.22.11-1.mga9
- gstreamer1.0-vaapi-1.22.11-1.mga9
9/tainted
- gstreamer1.0-plugins-bad-1.22.11-1.mga9.tainted
- gstreamer1.0-plugins-ugly-1.22.11-1.mga9.tainted