INFSA-2025:7242: gstreamer1-plugins-good security update
Information about definition
Identificator: INFSA-2025:7242
Type: security
Release date: 2025-06-10 11:52:42 UTC
Information about package
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.
Vulnerabilities description
- CVE-2024-47543
A flaw was found in the GStreamer library. An out-of-bounds read in the MP4/MOV demuxer can lead to crashes for certain input files, potentially allowing a malicious third party to trigger an application crash.
- CVE-2024-47544
A flaw was found in the GStreamer library. Multiple NULL pointer dereferences in the MP4/MOV demuxer's CENC handling can cause crashes for certain input files, potentially allowing a malicious actor to trigger an application crash.
- CVE-2024-47545
A flaw was found in the GStreamer library. An integer overflow in the MP4/MOV demuxer can lead to out-of-bounds reads that may cause crashes for certain input files, potentially allowing a malicious actor to trigger an application crash.
- CVE-2024-47546
A flaw was found in the GStreamer library. Integer underflow in the MP4/MOV demuxer can cause crashes for certain input files, potentially allowing a malicious actor to trigger an application crash.
- CVE-2024-47596
A flaw was found in the GStreamer library. An integer underflow due to missing size checks in the MP4/MOV demuxer can lead to out-of-bounds reads and cause crashes for certain input files. This issue can allow a malicious actor to trigger a crash of the application.
- CVE-2024-47597
A flaw was found in the GStreamer library. Multiple out-of-bounds reads in the MP4/MOV demuxer's sample table parsing and a lack of error checking can cause crashes for certain input files, potentially allowing a malicious actor to trigger an application crash.
- CVE-2024-47598
A flaw was found in the GStreamer library. When handling raw audio tracks, out-of-bounds reads in the MP4/MOV demuxer's sample table parser can cause crashes for certain input files, potentially allowing a malicious actor to trigger an application crash.
- CVE-2024-47599
A flaw was found in the GStreamer library. Insufficient error handling in the JPEG decoder can lead to NULL-pointer dereferences and cause crashes for certain input files, making it possible for a malicious actor to trigger a crash of the application.
- CVE-2024-47601
A flaw was found in the GStreamer library. A NULL pointer dereference in the Matroska/WebM demuxer can cause crashes for certain input files, potentially allowing a malicious actor to trigger an application crash.
- CVE-2024-47602
A flaw was found in the GStreamer library. NULL pointer dereferences and out-of-bounds reads in the Matroska/WebM demuxer can cause crashes for certain input files, potentially allowing a malicious actor to trigger an application crash.
- CVE-2024-47603
A flaw was found in the GStreamer library. A NULL pointer dereference in the Matroska/WebM demuxer can cause crashes for certain input files, potentially allowing a malicious actor to trigger an application crash.
- CVE-2024-47774
A flaw was found in the GStreamer library. An out-of-bounds read in the gst_avi_subtitle_parse_gab2_chunk function can cause crashes for certain input files, potentially allowing a malicious third party to trigger an application crash.
- CVE-2024-47775
A flaw was found in the GStreamer library. Various out-of-bounds reads in the WAV parser can cause crashes for certain input files, making it possible for a malicious actor to trigger a crash of the application.
- CVE-2024-47776
A flaw was found in the GStreamer library. Various out-of-bounds reads in the WAV parser can cause crashes for certain input files, potentially allowing a malicious actor to trigger an application crash.
- CVE-2024-47777
A flaw was found in the GStreamer library. Various out-of-bounds reads in the WAV parser can cause crashes for certain input files, potentially allowing a malicious actor to trigger an application crash.
- CVE-2024-47778
A flaw was found in the GStreamer library. Various out-of-bounds reads in the WAV parser can cause crashes for certain input files, potentially allowing a malicious actor to trigger an application crash.
- CVE-2024-47834
A flaw was found in the GStreamer library. A use-after-free in the Matroska demuxer can cause crashes for certain input files, potentially allowing a malicious actor to trigger an application crash.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-47543
|
no information | 5.1 | no information |
|
NIST — CVE-2024-47544
|
no information | 6.2 | no information |
|
NIST — CVE-2024-47545
|
no information | 6.2 | no information |
|
NIST — CVE-2024-47546
|
no information | 6.2 | no information |
|
NIST — CVE-2024-47596
|
no information | 5.1 | no information |
|
NIST — CVE-2024-47597
|
no information | 5.1 | no information |
|
NIST — CVE-2024-47598
|
no information | 5.1 | no information |
|
NIST — CVE-2024-47599
|
no information | 5.5 | no information |
|
NIST — CVE-2024-47601
|
no information | 5.5 | no information |
|
NIST — CVE-2024-47602
|
no information | 5.5 | no information |
|
NIST — CVE-2024-47603
|
no information | 5.5 | no information |
|
NIST — CVE-2024-47774
|
no information | 5.1 | no information |
|
NIST — CVE-2024-47775
|
no information | 5.1 | no information |
|
NIST — CVE-2024-47776
|
no information | 5.1 | no information |
|
NIST — CVE-2024-47777
|
no information | 5.1 | no information |
|
NIST — CVE-2024-47778
|
no information | 5.1 | no information |
|
NIST — CVE-2024-47834
|
no information | 5.1 | no information |
Updated packages