Advisories » MGASA-2025-0040

Updated gstreamer1.0, gstreamer1.0-plugins-base & gstreamer1.0-plugins-good packages fix security vulnerabilities

Publication date: 06 Feb 2025
Modification date: 06 Feb 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-47537, CVE-2024-47538, CVE-2024-47539, CVE-2024-47540, CVE-2024-47541, CVE-2024-47542, CVE-2024-47543, CVE-2024-47544, CVE-2024-47545, CVE-2024-47546, CVE-2024-47596, CVE-2024-47597, CVE-2024-47598, CVE-2024-47599, CVE-2024-47600, CVE-2024-47601, CVE-2024-47602

Description

GStreamer has an OOB-write in isomp4/qtdemux.c. (CVE-2024-47537)
GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet. (CVE-2024-47538)
GStreamer has an OOB-write in convert_to_s334_1a. (CVE-2024-47539)
GStreamer uses uninitialized stack memory in Matroska/WebM demuxer. (CVE-2024-47540)
GStreamer has an out-of-bounds write in SSA subtitle parser. (CVE-2024-47541)
GStreamer has an out-of-bounds read and NULL-pointer dereference in ID3v2 parser. (CVE-2024-47542)
GStreamer has an OOB-read in qtdemux_parse_container. (CVE-2024-47543)
GStreamer has NULL-pointer dereferences in MP4/MOV demuxer CENC handling. (CVE-2024-47544)
GStreamer has an integer underflow in FOURCC_strf parsing leading to OOB-read. (CVE-2024-47545)
GStreamer has an integer underflow in extract_cc_from_data leading to OOB-read. (CVE-2024-47546)
GStreamer has an OOB-read in FOURCC_SMI_ parsing. (CVE-2024-47596)
GStreamer has an OOB-read in qtdemux_parse_samples. (CVE-2024-47597)
GStreamer has an OOB-read in qtdemux_merge_sample_table. (CVE-2024-47598)
GStreamer has insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences. (CVE-2024-47599)
GStreamer has an OOB-read in format_channel_mask. (CVE-2024-47600)
GStreamer has a NULL-pointer dereference in Matroska/WebM demuxer. (CVE-2024-47601)
GStreamer has NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer. (CVE-2024-47602)
GStreamer has a NULL-pointer dereference in Matroska/WebM demuxer. (CVE-2024-47603)
GStreamer has integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes. (CVE-2024-47606)
GStreamer has a stack-buffer overflow in gst_opus_dec_parse_header. (CVE-2024-47607)
GStreamer has a NULL-pointer dereference in gst_gdk_pixbuf_dec_flush. (CVE-2024-47613)
GStreamer has an out-of-bounds write in Ogg demuxer. (CVE-2024-47615)
GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk. (CVE-2024-47774)
GStreamer has an OOB-read in parse_ds64. (CVE-2024-47775)
GStreamer has an OOB-read in gst_wavparse_cue_chunk. (CVE-2024-47776)
GStreamer has an OOB-read in gst_wavparse_smpl_chunk. (CVE-2024-47777)
GStreamer has an OOB-read in gst_wavparse_adtl_chunk. (CVE-2024-47778)
GStreamer has a use-after-free read in Matroska CodecPrivate. (CVE-2024-47834)
GStreamer has a NULL-pointer dereference in LRC subtitle parser. (CVE-2024-47835)

References

SRPMS

9/core