INFSA-2025:7243: gstreamer1-plugins-base security update
Information about definition
Identifier: INFSA-2025:7243
Type: security
Release date: 2025-06-10 11:39:32 UTC
Information about package
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-base packages contain a collection of well-maintained base plug-ins.
Vulnerabilities description
- CVE-2024-47541
A flaw was found in the GStreamer library. An out-of-bounds write in the SSA subtitle parser can cause crashes for certain input files, potentially allowing a malicious third party to trigger an application crash.
- CVE-2024-47542
A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.
- CVE-2024-47600
A flaw was found in the GStreamer library. An out-of-bounds read in the gst-discoverer-1.0 command line tool can cause crashes for certain input files, potentially allowing a malicious third party to trigger an application crash. This issue only affects the gst-discoverer-1.0 command line tool and not any other applications using GStreamer.
- CVE-2024-47835
A flaw was found in the GStreamer library. A NULL-pointer dereference in the LRC subtitle parser can cause crashes for certain input files, potentially allowing a malicious actor to trigger an application crash.
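The missing validation described for CVE-2024-47542, shown as an added example that is not GStreamer's own code: a synchsafe integer reader (7 payload bits per byte, as used in ID3v2) that rejects a NULL data pointer before reading. The function name, signature, and the 4-byte size limit are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not the GStreamer function): decodes a big-endian
 * synchsafe integer and reports failure instead of dereferencing bad input. */
static bool read_synch_uint_checked(const uint8_t *data, size_t size,
                                    uint32_t *out)
{
    uint32_t value = 0;

    /* The check the advisory says was absent: the caller may pass a NULL
     * frame_data pointer, so refuse it before any access. */
    if (data == NULL || out == NULL)
        return false;

    /* Assumption: accept 1..4 bytes so that 7 * size bits fit in 32 bits. */
    if (size == 0 || size > 4)
        return false;

    for (size_t i = 0; i < size; i++) {
        /* Bit 7 is always clear in a synchsafe byte; treat a set bit as
         * malformed input rather than silently masking it. */
        if (data[i] & 0x80)
            return false;
        value = (value << 7) | data[i];
    }

    *out = value;
    return true;
}

int main(void)
{
    /* Constructed sample input: (0x02 << 7) | 0x01 = 257. */
    const uint8_t sample[4] = { 0x00, 0x00, 0x02, 0x01 };
    uint32_t v = 0;

    if (read_synch_uint_checked(sample, sizeof sample, &v))
        printf("decoded: %u\n", (unsigned)v);

    /* NULL frame data is rejected instead of causing a SEGV. */
    if (!read_synch_uint_checked(NULL, 4, &v))
        printf("NULL frame data rejected\n");

    return 0;
}
```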
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2024-47541 | no information | 6.2 | no information |
NIST — CVE-2024-47542 | no information | 6.2 | no information |
NIST — CVE-2024-47600 | no information | 5.1 | no information |
NIST — CVE-2024-47835 | no information | 5.5 | no information |
Updated packages