INFSA-2024:11345: gstreamer1-plugins-base security update
Information about definition
Identifier: INFSA-2024:11345
Type: security
Release date: 2025-06-26 18:47:29 UTC
Information about package
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-base packages contain a collection of well-maintained base plug-ins.
Vulnerabilities description
- CVE-2024-47538
A flaw was found in the Vorbis decoder in the GStreamer library. Processing a specially crafted input file can cause a stack-based buffer overflow in the Vorbis decoder due to improper input validation, resulting in unexpected behavior or, most likely, an application crash.
- CVE-2024-47607
A flaw was found in the GStreamer library. A stack buffer overflow in the Opus decoder can cause crashes for certain input files, potentially allowing a malicious third party to trigger an application crash.
- CVE-2024-47615
A flaw was found in the GStreamer library. An out-of-bounds write in the Ogg demuxer can cause crashes for certain input files. This vulnerability allows a malicious third party to trigger out-of-bounds writes that can result in the application's crash or possibly allow code execution through heap manipulation.
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2024-47538 | no information | 8.8 | no information |
NIST — CVE-2024-47607 | no information | 9.8 | no information |
NIST — CVE-2024-47615 | no information | 9.8 | no information |
Updated packages