Advisories » MGASA-2024-0119

Updated gstreamer1.0 packages fix vulnerability

Publication date: 10 Apr 2024
Modification date: 10 Apr 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-0444

Description

Heap-based buffer overflow in the AV1 codec parser when handling certain
malformed streams before GStreamer 1.22.9
It is possible for a malicious third party to trigger a crash in the
application, and possibly also effect code execution through heap
manipulation.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33044
• https://gstreamer.freedesktop.org/security/sa-2024-0001.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0444

SRPMS

9/tainted

• gstreamer1.0-plugins-bad-1.22.11-1.mga9.tainted
• gstreamer1.0-plugins-ugly-1.22.11-1.mga9.tainted

9/core

• gstreamer1.0-1.22.11-1.mga9
• gstreamer1.0-devtools-1.22.11-1.mga9
• gstreamer1.0-editing-services-1.22.11-1.mga9
• gstreamer1.0-libav-1.22.11-1.mga9
• gstreamer1.0-moodbar-1.3.0-1.mga9
• gstreamer1.0-omx-1.22.11-1.mga9
• gstreamer1.0-plugins-bad-1.22.11-1.mga9
• gstreamer1.0-plugins-base-1.22.11-1.mga9
• gstreamer1.0-plugins-good-1.22.11-1.mga9
• gstreamer1.0-plugins-ugly-1.22.11-1.mga9
• gstreamer1.0-python-1.22.11-1.mga9
• gstreamer1.0-rtsp-server-1.22.11-1.mga9
• gstreamer1.0-vaapi-1.22.11-1.mga9