INFSA-2025:7178: gstreamer1, gstreamer1-plugins-bad-free, gstreamer1-plugins-ugly-free, and gstreamer1-rtsp-server security update

Information about definition

Identifier: INFSA-2025:7178

Type: security

Release date: 2025-06-10 11:52:13 UTC

Information about package

The gstreamer1 packages contain a streaming media framework, based on graphs of filters which operate on media data.

Vulnerabilities description

  • CVE-2024-4453

    A flaw was found in the GStreamer library. A remote attacker can send specially crafted content to the victim and achieve arbitrary code execution within the context of the affected installation's process. The vulnerability is caused by improper parsing of EXIF metadata: user-supplied data is not properly validated, which triggers an integer overflow.

  • CVE-2024-0444

    A stack-based buffer overflow flaw was found in GStreamer. This issue may lead to code execution while parsing tile list data within AV1-encoded video files.

Severity level

CVE                      Score CVSS 2.0    Score CVSS 3.x    Score CVSS 4.0
NIST — CVE-2024-0444     no information    7.5               no information
NIST — CVE-2024-4453     no information    7.8               no information

Updated packages