Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-47539 (GCVE-0-2024-47539)
Vulnerability from cvelistv5 – Published: 2024-12-11 18:53 – Updated: 2025-11-03 20:39
VLAI?
EPSS
Title
GHSL-2024-195: GStreamer has an OOB-write in convert_to_s334_1a
Summary
GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 < ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop's expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://securitylab.github.com/advisories/GHSL-20… | x_refsource_CONFIRM |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | x_refsource_MISC |
| https://gstreamer.freedesktop.org/security/sa-202… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47539",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-11T21:41:01.424458Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T21:41:10.528Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:39:36.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 \u003c ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop\u0027s expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T18:53:00.750Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0007.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0007.html"
}
],
"source": {
"advisory": "GHSA-c89v-2mmr-7cr9",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-195: GStreamer has an OOB-write in convert_to_s334_1a"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47539",
"datePublished": "2024-12-11T18:53:00.750Z",
"dateReserved": "2024-09-25T21:46:10.930Z",
"dateUpdated": "2025-11-03T20:39:36.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-47539",
"date": "2026-05-20",
"epss": "0.00442",
"percentile": "0.63485"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.24.10\", \"matchCriteriaId\": \"82BF8403-8CE2-4AFC-865F-FD40A77D20E0\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 \u003c ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop\u0027s expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10.\"}, {\"lang\": \"es\", \"value\": \"GStreamer es una librer\\u00eda para construir gr\\u00e1ficos de componentes de manejo de medios. Se identific\\u00f3 una vulnerabilidad de escritura fuera de los l\\u00edmites en la funci\\u00f3n convert_to_s334_1a en isomp4/qtdemux.c. La vulnerabilidad surge debido a una discrepancia entre el tama\\u00f1o de la memoria asignada a la matriz de almacenamiento y la condici\\u00f3n del bucle i * 2 \u0026lt; ccpair_size. Espec\\u00edficamente, cuando ccpair_size es par, el tama\\u00f1o asignado en el almacenamiento no coincide con los l\\u00edmites esperados del bucle, lo que resulta en una escritura fuera de los l\\u00edmites. Este error permite la sobrescritura de hasta 3 bytes m\\u00e1s all\\u00e1 de los l\\u00edmites asignados de la matriz de almacenamiento. Esta vulnerabilidad se corrigi\\u00f3 en 1.24.10.\"}]",
"id": "CVE-2024-47539",
"lastModified": "2024-12-18T21:52:56.307",
"metrics": "{\"cvssMetricV40\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 8.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"HIGH\", \"vulnerableSystemIntegrity\": \"HIGH\", \"vulnerableSystemAvailability\": \"HIGH\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}], \"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2024-12-12T02:03:28.203",
"references": "[{\"url\": \"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://gstreamer.freedesktop.org/security/sa-2024-0007.html\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-47539\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-12-12T02:03:28.203\",\"lastModified\":\"2026-03-17T15:52:33.870\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 \u003c ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop\u0027s expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10.\"},{\"lang\":\"es\",\"value\":\"GStreamer es una librer\u00eda para construir gr\u00e1ficos de componentes de manejo de medios. Se identific\u00f3 una vulnerabilidad de escritura fuera de los l\u00edmites en la funci\u00f3n convert_to_s334_1a en isomp4/qtdemux.c. La vulnerabilidad surge debido a una discrepancia entre el tama\u00f1o de la memoria asignada a la matriz de almacenamiento y la condici\u00f3n del bucle i * 2 \u0026lt; ccpair_size. Espec\u00edficamente, cuando ccpair_size es par, el tama\u00f1o asignado en el almacenamiento no coincide con los l\u00edmites esperados del bucle, lo que resulta en una escritura fuera de los l\u00edmites. Este error permite la sobrescritura de hasta 3 bytes m\u00e1s all\u00e1 de los l\u00edmites asignados de la matriz de almacenamiento. Esta vulnerabilidad se corrigi\u00f3 en 1.24.10.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.24.10\",\"matchCriteriaId\":\"1B92A50A-2A86-49C9-9E3E-CE01EBC1987B\"}]}]}],\"references\":[{\"url\":\"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://gstreamer.freedesktop.org/security/sa-2024-0007.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-47539\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-11T21:41:01.424458Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-11T21:41:06.958Z\"}}], \"cna\": {\"title\": \"GHSL-2024-195: GStreamer has an OOB-write in convert_to_s334_1a\", \"source\": {\"advisory\": \"GHSA-c89v-2mmr-7cr9\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.6, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"gstreamer\", \"product\": \"gstreamer\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.24.10\"}]}], \"references\": [{\"url\": \"https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/\", \"name\": \"https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch\", \"name\": \"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://gstreamer.freedesktop.org/security/sa-2024-0007.html\", \"name\": \"https://gstreamer.freedesktop.org/security/sa-2024-0007.html\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 \u003c ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop\u0027s expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787: Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-12-11T18:53:00.750Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-47539\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-11T21:41:10.528Z\", \"dateReserved\": \"2024-09-25T21:46:10.930Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-12-11T18:53:00.750Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2025-AVI-0661
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "AppDynamics Cluster Agent versions ant\u00e9rieures \u00e0 25.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": " AppDynamics On-Premise Enterprise Console versions ant\u00e9rieures \u00e0 25.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2022-48564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
},
{
"name": "CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2025-21500",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21500"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2025-21503",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21503"
},
{
"name": "CVE-2025-21543",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21543"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2024-47601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47601"
},
{
"name": "CVE-2025-21519",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21519"
},
{
"name": "CVE-2024-47544",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47544"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2024-47538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47538"
},
{
"name": "CVE-2024-47545",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47545"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2022-38398",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38398"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2025-21505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21505"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2024-4761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4761"
},
{
"name": "CVE-2025-21501",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21501"
},
{
"name": "CVE-2024-47596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47596"
},
{
"name": "CVE-2022-48285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48285"
},
{
"name": "CVE-2019-9674",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9674"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2020-10650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2018-3824",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3824"
},
{
"name": "CVE-2024-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7246"
},
{
"name": "CVE-2024-47602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47602"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-47541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47541"
},
{
"name": "CVE-2024-47774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47774"
},
{
"name": "CVE-2023-50186",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50186"
},
{
"name": "CVE-2024-47599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47599"
},
{
"name": "CVE-2024-47606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47606"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2024-47540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47540"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2023-0833",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0833"
},
{
"name": "CVE-2024-47542",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47542"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2025-21531",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21531"
},
{
"name": "CVE-2023-35116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
},
{
"name": "CVE-2025-21555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21555"
},
{
"name": "CVE-2024-47546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47546"
},
{
"name": "CVE-2024-47607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47607"
},
{
"name": "CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2025-27888",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27888"
},
{
"name": "CVE-2024-47537",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47537"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2024-52979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52979"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2023-6992",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6992"
},
{
"name": "CVE-2025-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21540"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2024-47778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47778"
},
{
"name": "CVE-2022-24823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24823"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2021-37136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
},
{
"name": "CVE-2018-12022",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2024-47777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47777"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"name": "CVE-2021-4189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4189"
},
{
"name": "CVE-2024-47543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47543"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2024-47600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47600"
},
{
"name": "CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
},
{
"name": "CVE-2021-43797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2025-21490",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21490"
},
{
"name": "CVE-2024-47835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47835"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2024-47597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47597"
},
{
"name": "CVE-2025-21520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21520"
},
{
"name": "CVE-2024-47539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47539"
},
{
"name": "CVE-2021-23413",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23413"
},
{
"name": "CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"name": "CVE-2022-4899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4899"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2022-40146",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40146"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2022-42890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42890"
},
{
"name": "CVE-2019-10172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
},
{
"name": "CVE-2025-21491",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21491"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2021-42550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42550"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2024-47598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47598"
},
{
"name": "CVE-2024-47603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47603"
},
{
"name": "CVE-2022-38648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38648"
},
{
"name": "CVE-2025-21529",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21529"
},
{
"name": "CVE-2025-21559",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21559"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2025-21523",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21523"
},
{
"name": "CVE-2025-21518",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21518"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2024-47615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47615"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2025-21497",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21497"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2024-47776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47776"
},
{
"name": "CVE-2024-47834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47834"
},
{
"name": "CVE-2024-47775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47775"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2025-21522",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21522"
},
{
"name": "CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"name": "CVE-2025-21546",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21546"
},
{
"name": "CVE-2024-51504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"name": "CVE-2022-41704",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41704"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0661",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2025-08-06",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0802",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0802"
},
{
"published_at": "2025-08-06",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0801",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0801"
}
]
}
CERTFR-2025-AVI-0661
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "AppDynamics Cluster Agent versions ant\u00e9rieures \u00e0 25.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": " AppDynamics On-Premise Enterprise Console versions ant\u00e9rieures \u00e0 25.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2022-48564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
},
{
"name": "CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2025-21500",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21500"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2025-21503",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21503"
},
{
"name": "CVE-2025-21543",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21543"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2024-47601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47601"
},
{
"name": "CVE-2025-21519",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21519"
},
{
"name": "CVE-2024-47544",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47544"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2024-47538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47538"
},
{
"name": "CVE-2024-47545",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47545"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2022-38398",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38398"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2025-21505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21505"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2024-4761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4761"
},
{
"name": "CVE-2025-21501",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21501"
},
{
"name": "CVE-2024-47596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47596"
},
{
"name": "CVE-2022-48285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48285"
},
{
"name": "CVE-2019-9674",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9674"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2020-10650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2018-3824",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3824"
},
{
"name": "CVE-2024-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7246"
},
{
"name": "CVE-2024-47602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47602"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-47541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47541"
},
{
"name": "CVE-2024-47774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47774"
},
{
"name": "CVE-2023-50186",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50186"
},
{
"name": "CVE-2024-47599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47599"
},
{
"name": "CVE-2024-47606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47606"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2024-47540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47540"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2023-0833",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0833"
},
{
"name": "CVE-2024-47542",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47542"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2025-21531",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21531"
},
{
"name": "CVE-2023-35116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
},
{
"name": "CVE-2025-21555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21555"
},
{
"name": "CVE-2024-47546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47546"
},
{
"name": "CVE-2024-47607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47607"
},
{
"name": "CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2025-27888",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27888"
},
{
"name": "CVE-2024-47537",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47537"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2024-52979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52979"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2023-6992",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6992"
},
{
"name": "CVE-2025-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21540"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2024-47778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47778"
},
{
"name": "CVE-2022-24823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24823"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2021-37136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
},
{
"name": "CVE-2018-12022",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2024-47777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47777"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"name": "CVE-2021-4189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4189"
},
{
"name": "CVE-2024-47543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47543"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2024-47600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47600"
},
{
"name": "CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
},
{
"name": "CVE-2021-43797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2025-21490",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21490"
},
{
"name": "CVE-2024-47835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47835"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2024-47597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47597"
},
{
"name": "CVE-2025-21520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21520"
},
{
"name": "CVE-2024-47539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47539"
},
{
"name": "CVE-2021-23413",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23413"
},
{
"name": "CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"name": "CVE-2022-4899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4899"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2022-40146",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40146"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2022-42890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42890"
},
{
"name": "CVE-2019-10172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
},
{
"name": "CVE-2025-21491",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21491"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2021-42550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42550"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2024-47598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47598"
},
{
"name": "CVE-2024-47603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47603"
},
{
"name": "CVE-2022-38648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38648"
},
{
"name": "CVE-2025-21529",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21529"
},
{
"name": "CVE-2025-21559",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21559"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2025-21523",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21523"
},
{
"name": "CVE-2025-21518",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21518"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2024-47615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47615"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2025-21497",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21497"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2024-47776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47776"
},
{
"name": "CVE-2024-47834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47834"
},
{
"name": "CVE-2024-47775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47775"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2025-21522",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21522"
},
{
"name": "CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"name": "CVE-2025-21546",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21546"
},
{
"name": "CVE-2024-51504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"name": "CVE-2022-41704",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41704"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0661",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2025-08-06",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0802",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0802"
},
{
"published_at": "2025-08-06",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0801",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0801"
}
]
}
alsa-2024:11122
Vulnerability from osv_almalinux
Published
2024-12-16 00:00
Modified
2024-12-23 08:18
Summary
Important: gstreamer1-plugins-good security update
Details
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.
Security Fix(es):
- gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)
- gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)
- gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)
- gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)
- gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "gstreamer1-plugins-good"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.22.1-3.el9_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "gstreamer1-plugins-good-gtk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.22.1-3.el9_5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. \n\nSecurity Fix(es): \n\n * gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)\n * gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)\n * gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)\n * gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)\n * gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2024:11122",
"modified": "2024-12-23T08:18:58Z",
"published": "2024-12-16T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:11122"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47537"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47539"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47540"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47606"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47613"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331719"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331722"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331726"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331753"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331760"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2024-11122.html"
}
],
"related": [
"CVE-2024-47540",
"CVE-2024-47537",
"CVE-2024-47539",
"CVE-2024-47613",
"CVE-2024-47606"
],
"summary": "Important: gstreamer1-plugins-good security update"
}
alsa-2024:11299
Vulnerability from osv_almalinux
Published
2024-12-17 00:00
Modified
2024-12-18 12:41
Summary
Important: gstreamer1-plugins-good security update
Details
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.
Security Fix(es):
- gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)
- gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)
- gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)
- gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)
- gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gstreamer1-plugins-good"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.1-5.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gstreamer1-plugins-good-gtk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.1-5.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. \n\nSecurity Fix(es): \n\n * gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)\n * gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)\n * gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)\n * gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)\n * gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2024:11299",
"modified": "2024-12-18T12:41:06Z",
"published": "2024-12-17T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:11299"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47537"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47539"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47540"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47606"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47613"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331719"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331722"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331726"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331753"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331760"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2024-11299.html"
}
],
"related": [
"CVE-2024-47540",
"CVE-2024-47537",
"CVE-2024-47539",
"CVE-2024-47613",
"CVE-2024-47606"
],
"summary": "Important: gstreamer1-plugins-good security update"
}
BDU:2024-11335
Vulnerability from fstec - Published: 25.09.2024
VLAI Severity ?
Title
Уязвимость функции convert_to_s334_1a мультимедийного фреймворка Gstreamer, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость мультимедийного фреймворка Gstreamer связана с записью за границами буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код
Severity ?
Vendor
Red Hat Inc., Сообщество свободного программного обеспечения, ООО «Ред Софт», ООО «РусБИТех-Астра», Сообщество GStreamer, АО "НППКТ", ООО «НЦПР», ООО «Открытая мобильная платформа»
Software Name
Red Hat Enterprise Linux, Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), Gstreamer, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), МСВСфера, ОС Аврора (запись в едином реестре российских программ №1543)
Software Version
7 (Red Hat Enterprise Linux), 8 (Red Hat Enterprise Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 9 (Red Hat Enterprise Linux), 8.2 Advanced Update Support (Red Hat Enterprise Linux), 9.2 Extended Update Support (Red Hat Enterprise Linux), 9.0 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Telecommunications Update Service (Red Hat Enterprise Linux), 8.6 Advanced Mission Critical Update Support (Red Hat Enterprise Linux), 1.8 (Astra Linux Special Edition), 9.4 Extended Update Support (Red Hat Enterprise Linux), до 1.24.10 (Gstreamer), до 2.13 (ОСОН ОСнова Оnyx), 9.5 (МСВСфера), до 5.1.5 включительно (ОС Аврора)
Possible Mitigations
В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года.
Использование рекомендаций:
Для GStreamer:
https://gstreamer.freedesktop.org/security/sa-2024-0007.html
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2024-47539
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2024-47539
Для РЕД ОС:
https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-gstreamer1-plugins-good/?sphrase_id=641091
Обновление программного обеспечения gst-plugins-good1.0 до версии 1.18.4-2+deb11u3
Для ОС Astra Linux:
обновить пакет gst-plugins-good1.0 до 1.22.1-1ubuntu1.2astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18
Для МСВСфера: https://errata.msvsphere-os.ru/definition/9/INFCSA-2024:11122?lang=ru
Для ОС Astra Linux:
обновить пакет gst-plugins-good1.0 до 1.18.4-1astra4 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17
Для ОС Astra Linux:
обновить пакет gst-plugins-good1.0 до 1.18.4-1astra4 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE47
Для ОС Аврора: https://cve.omp.ru/bb30515
Reference
https://security-tracker.debian.org/tracker/CVE-2024-47539
https://access.redhat.com/security/cve/cve-2024-47539
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch
https://gstreamer.freedesktop.org/security/sa-2024-0007.html
https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/
https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-gstreamer1-plugins-good/?sphrase_id=641091
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.13/
https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18
https://errata.msvsphere-os.ru/definition/9/INFCSA-2024:11122?lang=ru
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE85
https://cve.omp.ru/bb30515
CWE
CWE-787
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": "AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e GStreamer, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u041e\u041e\u041e \u00ab\u041d\u0426\u041f\u0420\u00bb, \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 8 (Red Hat Enterprise Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 9 (Red Hat Enterprise Linux), 8.2 Advanced Update Support (Red Hat Enterprise Linux), 9.2 Extended Update Support (Red Hat Enterprise Linux), 9.0 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Telecommunications Update Service (Red Hat Enterprise Linux), 8.6 Advanced Mission Critical Update Support (Red Hat Enterprise Linux), 1.8 (Astra Linux Special Edition), 9.4 Extended Update Support (Red Hat Enterprise Linux), \u0434\u043e 1.24.10 (Gstreamer), \u0434\u043e 2.13 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), 9.5 (\u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430), \u0434\u043e 5.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (\u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f GStreamer:\nhttps://gstreamer.freedesktop.org/security/sa-2024-0007.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2024-47539\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2024-47539\n\n\u0414\u043b\u044f \u0420\u0415\u0414 \u041e\u0421:\nhttps://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-gstreamer1-plugins-good/?sphrase_id=641091\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f gst-plugins-good1.0 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.18.4-2+deb11u3\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 gst-plugins-good1.0 \u0434\u043e 1.22.1-1ubuntu1.2astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18\n\n\u0414\u043b\u044f \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430: https://errata.msvsphere-os.ru/definition/9/INFCSA-2024:11122?lang=ru\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 gst-plugins-good1.0 \u0434\u043e 1.18.4-1astra4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 gst-plugins-good1.0 \u0434\u043e 1.18.4-1astra4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE47\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430: https://cve.omp.ru/bb30515",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "25.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.01.2026",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "19.12.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-11335",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-47539",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Gstreamer, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430, \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 9 , Red Hat Inc. Red Hat Enterprise Linux 8.2 Advanced Update Support , Red Hat Inc. Red Hat Enterprise Linux 9.2 Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 8.6 Telecommunications Update Service , Red Hat Inc. Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.8 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 9.4 Extended Update Support , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.13 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u041e\u041e \u00ab\u041d\u0426\u041f\u0420\u00bb \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430 9.5 , \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 \u0434\u043e 5.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 convert_to_s334_1a \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0439\u043d\u043e\u0433\u043e \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0430 Gstreamer, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0439\u043d\u043e\u0433\u043e \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0430 Gstreamer \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://security-tracker.debian.org/tracker/CVE-2024-47539\nhttps://access.redhat.com/security/cve/cve-2024-47539\nhttps://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch\t\nhttps://gstreamer.freedesktop.org/security/sa-2024-0007.html\t\nhttps://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/\nhttps://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-gstreamer1-plugins-good/?sphrase_id=641091\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.13/\nhttps://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18\nhttps://errata.msvsphere-os.ru/definition/9/INFCSA-2024:11122?lang=ru\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE85\nhttps://cve.omp.ru/bb30515",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-787",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,3)"
}
FKIE_CVE-2024-47539
Vulnerability from fkie_nvd - Published: 2024-12-12 02:03 - Updated: 2026-03-17 15:52
Severity ?
Summary
GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 < ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop's expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch | Patch | |
| security-advisories@github.com | https://gstreamer.freedesktop.org/security/sa-2024-0007.html | Release Notes | |
| security-advisories@github.com | https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B92A50A-2A86-49C9-9E3E-CE01EBC1987B",
"versionEndExcluding": "1.24.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 \u003c ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop\u0027s expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10."
},
{
"lang": "es",
"value": "GStreamer es una librer\u00eda para construir gr\u00e1ficos de componentes de manejo de medios. Se identific\u00f3 una vulnerabilidad de escritura fuera de los l\u00edmites en la funci\u00f3n convert_to_s334_1a en isomp4/qtdemux.c. La vulnerabilidad surge debido a una discrepancia entre el tama\u00f1o de la memoria asignada a la matriz de almacenamiento y la condici\u00f3n del bucle i * 2 \u0026lt; ccpair_size. Espec\u00edficamente, cuando ccpair_size es par, el tama\u00f1o asignado en el almacenamiento no coincide con los l\u00edmites esperados del bucle, lo que resulta en una escritura fuera de los l\u00edmites. Este error permite la sobrescritura de hasta 3 bytes m\u00e1s all\u00e1 de los l\u00edmites asignados de la matriz de almacenamiento. Esta vulnerabilidad se corrigi\u00f3 en 1.24.10."
}
],
"id": "CVE-2024-47539",
"lastModified": "2026-03-17T15:52:33.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-12-12T02:03:28.203",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0007.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
OPENSUSE-SU-2024:14586-1
Vulnerability from csaf_opensuse - Published: 2024-12-16 00:00 - Updated: 2024-12-16 00:00Summary
gstreamer-plugins-good-1.24.10-3.1 on GA media
Severity
Moderate
Notes
Title of the patch: gstreamer-plugins-good-1.24.10-3.1 on GA media
Description of the patch: These are all security issues fixed in the gstreamer-plugins-good-1.24.10-3.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-14586
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.2 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
10 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://www.suse.com/security/cve/CVE-2024-47539/ | self |
| https://www.suse.com/security/cve/CVE-2024-47543/ | self |
| https://www.suse.com/security/cve/CVE-2024-47539 | external |
| https://bugzilla.suse.com/1234417 | external |
| https://www.suse.com/security/cve/CVE-2024-47543 | external |
| https://bugzilla.suse.com/1234462 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "gstreamer-plugins-good-1.24.10-3.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the gstreamer-plugins-good-1.24.10-3.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14586",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14586-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2024:14586-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VA7KHMN2HFQR3FAIRY63QCQKG6UT7ERD/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2024:14586-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VA7KHMN2HFQR3FAIRY63QCQKG6UT7ERD/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47539 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47543 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47543/"
}
],
"title": "gstreamer-plugins-good-1.24.10-3.1 on GA media",
"tracking": {
"current_release_date": "2024-12-16T00:00:00Z",
"generator": {
"date": "2024-12-16T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14586-1",
"initial_release_date": "2024-12-16T00:00:00Z",
"revision_history": [
{
"date": "2024-12-16T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gstreamer-plugins-good-1.24.10-3.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-1.24.10-3.1.aarch64",
"product_id": "gstreamer-plugins-good-1.24.10-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-32bit-1.24.10-3.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-32bit-1.24.10-3.1.aarch64",
"product_id": "gstreamer-plugins-good-32bit-1.24.10-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-1.24.10-3.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-extra-1.24.10-3.1.aarch64",
"product_id": "gstreamer-plugins-good-extra-1.24.10-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-32bit-1.24.10-3.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-extra-32bit-1.24.10-3.1.aarch64",
"product_id": "gstreamer-plugins-good-extra-32bit-1.24.10-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-gtk-1.24.10-3.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-gtk-1.24.10-3.1.aarch64",
"product_id": "gstreamer-plugins-good-gtk-1.24.10-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-jack-1.24.10-3.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-jack-1.24.10-3.1.aarch64",
"product_id": "gstreamer-plugins-good-jack-1.24.10-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-jack-32bit-1.24.10-3.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-jack-32bit-1.24.10-3.1.aarch64",
"product_id": "gstreamer-plugins-good-jack-32bit-1.24.10-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-lang-1.24.10-3.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-lang-1.24.10-3.1.aarch64",
"product_id": "gstreamer-plugins-good-lang-1.24.10-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-qtqml-1.24.10-3.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-qtqml-1.24.10-3.1.aarch64",
"product_id": "gstreamer-plugins-good-qtqml-1.24.10-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-qtqml6-1.24.10-3.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-qtqml6-1.24.10-3.1.aarch64",
"product_id": "gstreamer-plugins-good-qtqml6-1.24.10-3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer-plugins-good-1.24.10-3.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-1.24.10-3.1.ppc64le",
"product_id": "gstreamer-plugins-good-1.24.10-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-32bit-1.24.10-3.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-32bit-1.24.10-3.1.ppc64le",
"product_id": "gstreamer-plugins-good-32bit-1.24.10-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-1.24.10-3.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-extra-1.24.10-3.1.ppc64le",
"product_id": "gstreamer-plugins-good-extra-1.24.10-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-32bit-1.24.10-3.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-extra-32bit-1.24.10-3.1.ppc64le",
"product_id": "gstreamer-plugins-good-extra-32bit-1.24.10-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-gtk-1.24.10-3.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-gtk-1.24.10-3.1.ppc64le",
"product_id": "gstreamer-plugins-good-gtk-1.24.10-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-jack-1.24.10-3.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-jack-1.24.10-3.1.ppc64le",
"product_id": "gstreamer-plugins-good-jack-1.24.10-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-jack-32bit-1.24.10-3.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-jack-32bit-1.24.10-3.1.ppc64le",
"product_id": "gstreamer-plugins-good-jack-32bit-1.24.10-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-lang-1.24.10-3.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-lang-1.24.10-3.1.ppc64le",
"product_id": "gstreamer-plugins-good-lang-1.24.10-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-qtqml-1.24.10-3.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-qtqml-1.24.10-3.1.ppc64le",
"product_id": "gstreamer-plugins-good-qtqml-1.24.10-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-qtqml6-1.24.10-3.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-qtqml6-1.24.10-3.1.ppc64le",
"product_id": "gstreamer-plugins-good-qtqml6-1.24.10-3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer-plugins-good-1.24.10-3.1.s390x",
"product": {
"name": "gstreamer-plugins-good-1.24.10-3.1.s390x",
"product_id": "gstreamer-plugins-good-1.24.10-3.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-32bit-1.24.10-3.1.s390x",
"product": {
"name": "gstreamer-plugins-good-32bit-1.24.10-3.1.s390x",
"product_id": "gstreamer-plugins-good-32bit-1.24.10-3.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-1.24.10-3.1.s390x",
"product": {
"name": "gstreamer-plugins-good-extra-1.24.10-3.1.s390x",
"product_id": "gstreamer-plugins-good-extra-1.24.10-3.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-32bit-1.24.10-3.1.s390x",
"product": {
"name": "gstreamer-plugins-good-extra-32bit-1.24.10-3.1.s390x",
"product_id": "gstreamer-plugins-good-extra-32bit-1.24.10-3.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-gtk-1.24.10-3.1.s390x",
"product": {
"name": "gstreamer-plugins-good-gtk-1.24.10-3.1.s390x",
"product_id": "gstreamer-plugins-good-gtk-1.24.10-3.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-jack-1.24.10-3.1.s390x",
"product": {
"name": "gstreamer-plugins-good-jack-1.24.10-3.1.s390x",
"product_id": "gstreamer-plugins-good-jack-1.24.10-3.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-jack-32bit-1.24.10-3.1.s390x",
"product": {
"name": "gstreamer-plugins-good-jack-32bit-1.24.10-3.1.s390x",
"product_id": "gstreamer-plugins-good-jack-32bit-1.24.10-3.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-lang-1.24.10-3.1.s390x",
"product": {
"name": "gstreamer-plugins-good-lang-1.24.10-3.1.s390x",
"product_id": "gstreamer-plugins-good-lang-1.24.10-3.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-qtqml-1.24.10-3.1.s390x",
"product": {
"name": "gstreamer-plugins-good-qtqml-1.24.10-3.1.s390x",
"product_id": "gstreamer-plugins-good-qtqml-1.24.10-3.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-qtqml6-1.24.10-3.1.s390x",
"product": {
"name": "gstreamer-plugins-good-qtqml6-1.24.10-3.1.s390x",
"product_id": "gstreamer-plugins-good-qtqml6-1.24.10-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer-plugins-good-1.24.10-3.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-1.24.10-3.1.x86_64",
"product_id": "gstreamer-plugins-good-1.24.10-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-32bit-1.24.10-3.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-32bit-1.24.10-3.1.x86_64",
"product_id": "gstreamer-plugins-good-32bit-1.24.10-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-1.24.10-3.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-extra-1.24.10-3.1.x86_64",
"product_id": "gstreamer-plugins-good-extra-1.24.10-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-32bit-1.24.10-3.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-extra-32bit-1.24.10-3.1.x86_64",
"product_id": "gstreamer-plugins-good-extra-32bit-1.24.10-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-gtk-1.24.10-3.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-gtk-1.24.10-3.1.x86_64",
"product_id": "gstreamer-plugins-good-gtk-1.24.10-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-jack-1.24.10-3.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-jack-1.24.10-3.1.x86_64",
"product_id": "gstreamer-plugins-good-jack-1.24.10-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-jack-32bit-1.24.10-3.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-jack-32bit-1.24.10-3.1.x86_64",
"product_id": "gstreamer-plugins-good-jack-32bit-1.24.10-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-lang-1.24.10-3.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-lang-1.24.10-3.1.x86_64",
"product_id": "gstreamer-plugins-good-lang-1.24.10-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-qtqml-1.24.10-3.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-qtqml-1.24.10-3.1.x86_64",
"product_id": "gstreamer-plugins-good-qtqml-1.24.10-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-qtqml6-1.24.10-3.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-qtqml6-1.24.10-3.1.x86_64",
"product_id": "gstreamer-plugins-good-qtqml6-1.24.10-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-1.24.10-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-1.24.10-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-1.24.10-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-1.24.10-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-1.24.10-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.s390x"
},
"product_reference": "gstreamer-plugins-good-1.24.10-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-1.24.10-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-1.24.10-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-32bit-1.24.10-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-32bit-1.24.10-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-32bit-1.24.10-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-32bit-1.24.10-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-32bit-1.24.10-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.s390x"
},
"product_reference": "gstreamer-plugins-good-32bit-1.24.10-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-32bit-1.24.10-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-32bit-1.24.10-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-extra-1.24.10-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-extra-1.24.10-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-extra-1.24.10-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-extra-1.24.10-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-extra-1.24.10-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.s390x"
},
"product_reference": "gstreamer-plugins-good-extra-1.24.10-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-extra-1.24.10-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-extra-1.24.10-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-extra-32bit-1.24.10-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-extra-32bit-1.24.10-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-extra-32bit-1.24.10-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-extra-32bit-1.24.10-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-extra-32bit-1.24.10-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.s390x"
},
"product_reference": "gstreamer-plugins-good-extra-32bit-1.24.10-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-extra-32bit-1.24.10-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-extra-32bit-1.24.10-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-gtk-1.24.10-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-gtk-1.24.10-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-gtk-1.24.10-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-gtk-1.24.10-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-gtk-1.24.10-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.s390x"
},
"product_reference": "gstreamer-plugins-good-gtk-1.24.10-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-gtk-1.24.10-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-gtk-1.24.10-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-jack-1.24.10-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-jack-1.24.10-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-jack-1.24.10-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-jack-1.24.10-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-jack-1.24.10-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.s390x"
},
"product_reference": "gstreamer-plugins-good-jack-1.24.10-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-jack-1.24.10-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-jack-1.24.10-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-jack-32bit-1.24.10-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-jack-32bit-1.24.10-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-jack-32bit-1.24.10-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-jack-32bit-1.24.10-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-jack-32bit-1.24.10-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.s390x"
},
"product_reference": "gstreamer-plugins-good-jack-32bit-1.24.10-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-jack-32bit-1.24.10-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-jack-32bit-1.24.10-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-lang-1.24.10-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-lang-1.24.10-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-lang-1.24.10-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-lang-1.24.10-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-lang-1.24.10-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.s390x"
},
"product_reference": "gstreamer-plugins-good-lang-1.24.10-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-lang-1.24.10-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-lang-1.24.10-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-qtqml-1.24.10-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-qtqml-1.24.10-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-qtqml-1.24.10-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-qtqml-1.24.10-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-qtqml-1.24.10-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.s390x"
},
"product_reference": "gstreamer-plugins-good-qtqml-1.24.10-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-qtqml-1.24.10-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-qtqml-1.24.10-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-qtqml6-1.24.10-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-qtqml6-1.24.10-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-qtqml6-1.24.10-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-qtqml6-1.24.10-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-qtqml6-1.24.10-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.s390x"
},
"product_reference": "gstreamer-plugins-good-qtqml6-1.24.10-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-qtqml6-1.24.10-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-qtqml6-1.24.10-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47539"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 \u003c ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop\u0027s expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47539",
"url": "https://www.suse.com/security/cve/CVE-2024-47539"
},
{
"category": "external",
"summary": "SUSE Bug 1234417 for CVE-2024-47539",
"url": "https://bugzilla.suse.com/1234417"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-47539"
},
{
"cve": "CVE-2024-47543",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47543"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemux_parse_container function within qtdemux.c. In the parent function qtdemux_parse_node, the value of length is not well checked. So, if length is big enough, it causes the pointer end to point beyond the boundaries of buffer. Subsequently, in the qtdemux_parse_container function, the while loop can trigger an OOB-read, accessing memory beyond the bounds of buf. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47543",
"url": "https://www.suse.com/security/cve/CVE-2024-47543"
},
{
"category": "external",
"summary": "SUSE Bug 1234462 for CVE-2024-47543",
"url": "https://bugzilla.suse.com/1234462"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-3.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-16T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-47543"
}
]
}
RHSA-2024:11119
Vulnerability from csaf_redhat - Published: 2024-12-16 16:08 - Updated: 2026-03-19 17:24Summary
Red Hat Security Advisory: gstreamer1-plugins-good security update
Severity
Important
Notes
Topic: An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.
Security Fix(es):
* gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)
* gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)
* gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)
* gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)
* gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the GStreamer library. An integer overflow in the MP4/MOV demuxer's sample table parser can lead to out-of-bounds writes and NULL-pointer dereferences for certain input files. This vulnerability allows a malicious third party to trigger an application crash and, in the case of out-of-bounds writes, possibly allow code execution through heap manipulation.
8.4 (High)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the GStreamer library. An out-of-bounds write in the MP4/MOV demuxer when handling CEA608 Closed Caption tracks can lead to crashes for certain input files. This vulnerability allows a malicious third party to trigger a crash of the application and perform code execution through heap manipulation.
9.8 (Critical)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the Matroska/WebM demuxer in the GStreamer library. Processing a specially crafted input file can cause the usage of uninitialized stack memory, allowing calls to uninitialized function pointers, potentially resulting in code execution or an application crash.
8.8 (High)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the MP4/MOV demuxer and memory allocator in the GStreamer library. Processing a specially crafted input file can cause an integer overflow in the qtdemux_parse_theora_extension function. This issue leads to a small amount of memory being allocated to store a large input size, resulting in an out-of-bounds write.
8.8 (High)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the gdk-pixbuf decoder in the GStreamer library. Processing a specially crafted input file can cause a NULL pointer dereference due to an unchecked return value, resulting in an application crash and a denial of service.
6.5 (Medium)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
42 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2024:11119 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331719 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331722 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331726 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331753 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331760 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2024-47537 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331722 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47537 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47537 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47539 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331726 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47539 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47539 | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47540 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331719 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47540 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47540 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47606 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331760 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47606 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47606 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47613 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331753 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47613 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47613 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.\n\nSecurity Fix(es):\n\n* gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)\n\n* gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)\n\n* gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)\n\n* gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)\n\n* gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:11119",
"url": "https://access.redhat.com/errata/RHSA-2024:11119"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2331719",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331719"
},
{
"category": "external",
"summary": "2331722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331722"
},
{
"category": "external",
"summary": "2331726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331726"
},
{
"category": "external",
"summary": "2331753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331753"
},
{
"category": "external",
"summary": "2331760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331760"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_11119.json"
}
],
"title": "Red Hat Security Advisory: gstreamer1-plugins-good security update",
"tracking": {
"current_release_date": "2026-03-19T17:24:35+00:00",
"generator": {
"date": "2026-03-19T17:24:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2024:11119",
"initial_release_date": "2024-12-16T16:08:29+00:00",
"revision_history": [
{
"date": "2024-12-16T16:08:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-12-16T16:08:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-19T17:24:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"product": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"product_id": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.18.4-7.el9_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"product": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"product_id": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.18.4-7.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"product_id": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.18.4-7.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.18.4-7.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.18.4-7.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.18.4-7.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.18.4-7.el9_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"product_id": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.18.4-7.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"product_id": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.18.4-7.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.18.4-7.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.18.4-7.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.18.4-7.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.18.4-7.el9_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"product": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"product_id": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.18.4-7.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"product_id": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.18.4-7.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.18.4-7.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.18.4-7.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.18.4-7.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.18.4-7.el9_2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"product": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"product_id": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.18.4-7.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"product_id": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.18.4-7.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.18.4-7.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.18.4-7.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.18.4-7.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.18.4-7.el9_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"product": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"product_id": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.18.4-7.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"product_id": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.18.4-7.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.18.4-7.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.18.4-7.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.18.4-7.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.18.4-7.el9_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64"
},
"product_reference": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686"
},
"product_reference": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x"
},
"product_reference": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src"
},
"product_reference": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64"
},
"product_reference": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47537",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-11T19:01:01.738365+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331722"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the GStreamer library. An integer overflow in the MP4/MOV demuxer\u0027s sample table parser can lead to out-of-bounds writes and NULL-pointer dereferences for certain input files. This vulnerability allows a malicious third party to trigger an application crash and, in the case of out-of-bounds writes, possibly allow code execution through heap manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as important severity rather than moderate due to the potential for exploitation leading to arbitrary code execution. The integer overflow during memory allocation results in a mismatch between the allocated memory size and the expected number of elements, causing an out-of-bounds write (OOB-write). Such memory corruption can lead to application crashes, data corruption, or, more critically, allow an attacker to write controlled data outside the allocated buffer. This opens the door to heap-based buffer overflows, which are commonly exploited to overwrite control structures or function pointers, enabling attackers to execute malicious code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47537"
},
{
"category": "external",
"summary": "RHBZ#2331722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331722"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47537",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47537"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47537",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47537"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0005.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0005.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/"
}
],
"release_date": "2024-12-11T18:51:56.158000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:08:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11119"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c"
},
{
"cve": "CVE-2024-47539",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-11T19:01:17.648621+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331726"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the GStreamer library. An out-of-bounds write in the MP4/MOV demuxer when handling CEA608 Closed Caption tracks can lead to crashes for certain input files. This vulnerability allows a malicious third party to trigger a crash of the application and perform code execution through heap manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: OOB-write in convert_to_s334_1a",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability classified as important severity rather than moderate due to its potential for out-of-bounds memory writes, which are highly exploitable in many scenarios. The discrepancy between the memory allocation and loop bounds allows overwriting up to 3 bytes beyond the intended storage array, which could corrupt adjacent memory. Depending on the execution context, this could lead to critical security consequences, such as the alteration of control structures, heap corruption, or stack manipulation, opening paths for arbitrary code execution or escalation of privileges.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47539"
},
{
"category": "external",
"summary": "RHBZ#2331726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47539"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47539",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47539"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0007.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0007.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/"
}
],
"release_date": "2024-12-11T18:53:00.750000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:08:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11119"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: OOB-write in convert_to_s334_1a"
},
{
"cve": "CVE-2024-47540",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"discovery_date": "2024-12-11T19:00:50.751428+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331719"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Matroska/WebM demuxer in the GStreamer library. Processing a specially crafted input file can cause the usage of uninitialized stack memory, allowing calls to uninitialized function pointers, potentially resulting in code execution or an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into opening or processing a specially crafted file with the Matroska/WebM demuxer. However, this issue still has an Important severity as it allows an attacker hijack the execution flow of the application, potentially resulting in unexpected behavior, including arbitrary code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47540"
},
{
"category": "external",
"summary": "RHBZ#2331719",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331719"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47540"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47540"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0017.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0017.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/"
}
],
"release_date": "2024-12-11T18:54:04.383000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:08:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11119"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the Matroska/WebM demuxer and monitor application crashes as this may indicate exploitation attempts.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer"
},
{
"cve": "CVE-2024-47606",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2024-12-11T20:02:25.247273+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331760"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the MP4/MOV demuxer and memory allocator in the GStreamer library. Processing a specially crafted input file can cause an integer overflow in the qtdemux_parse_theora_extension function. This issue leads to a small amount of memory being allocated to store a large input size, resulting in an out-of-bounds write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into opening or processing a specially crafted .mov file. However, this issue still has an Important severity as it allows an attacker to trigger an out-of-bounds write to memory allocated in the heap, overwriting critical memory regions, potentially resulting in unexpected behavior, including arbitrary code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47606"
},
{
"category": "external",
"summary": "RHBZ#2331760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331760"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47606"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0014.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0014.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer/"
}
],
"release_date": "2024-12-11T19:12:40.186000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:08:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11119"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the MP4/MOV demuxer and monitor application crashes as this may indicate exploitation attempts.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes"
},
{
"cve": "CVE-2024-47613",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2024-12-11T20:01:56.201771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331753"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the gdk-pixbuf decoder in the GStreamer library. Processing a specially crafted input file can cause a NULL pointer dereference due to an unchecked return value, resulting in an application crash and a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into opening or processing a specially crafted file with the gdk-pixbuf decoder. As user interaction is required to trigger is issue and the impact is limited to an application crash, this flaw has been rated with a Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47613"
},
{
"category": "external",
"summary": "RHBZ#2331753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331753"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47613",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47613"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47613",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47613"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0025.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0025.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"
}
],
"release_date": "2024-12-11T19:14:02.436000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:08:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11119"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the gdk-pixbuf decoder and monitor application crashes as this may indicate exploitation attempts.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush"
}
]
}
RHSA-2024:11121
Vulnerability from csaf_redhat - Published: 2024-12-16 16:14 - Updated: 2026-03-19 17:24Summary
Red Hat Security Advisory: gstreamer1-plugins-good security update
Severity
Important
Notes
Topic: An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.
Security Fix(es):
* gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)
* gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)
* gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)
* gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)
* gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the GStreamer library. An integer overflow in the MP4/MOV demuxer's sample table parser can lead to out-of-bounds writes and NULL-pointer dereferences for certain input files. This vulnerability allows a malicious third party to trigger an application crash and, in the case of out-of-bounds writes, possibly allow code execution through heap manipulation.
8.4 (High)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the GStreamer library. An out-of-bounds write in the MP4/MOV demuxer when handling CEA608 Closed Caption tracks can lead to crashes for certain input files. This vulnerability allows a malicious third party to trigger a crash of the application and perform code execution through heap manipulation.
9.8 (Critical)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the Matroska/WebM demuxer in the GStreamer library. Processing a specially crafted input file can cause the usage of uninitialized stack memory, allowing calls to uninitialized function pointers, potentially resulting in code execution or an application crash.
8.8 (High)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the MP4/MOV demuxer and memory allocator in the GStreamer library. Processing a specially crafted input file can cause an integer overflow in the qtdemux_parse_theora_extension function. This issue leads to a small amount of memory being allocated to store a large input size, resulting in an out-of-bounds write.
8.8 (High)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the gdk-pixbuf decoder in the GStreamer library. Processing a specially crafted input file can cause a NULL pointer dereference due to an unchecked return value, resulting in an application crash and a denial of service.
6.5 (Medium)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
42 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2024:11121 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331719 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331722 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331726 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331753 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331760 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2024-47537 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331722 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47537 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47537 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47539 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331726 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47539 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47539 | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47540 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331719 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47540 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47540 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47606 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331760 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47606 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47606 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47613 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331753 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47613 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47613 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.\n\nSecurity Fix(es):\n\n* gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)\n\n* gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)\n\n* gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)\n\n* gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)\n\n* gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:11121",
"url": "https://access.redhat.com/errata/RHSA-2024:11121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2331719",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331719"
},
{
"category": "external",
"summary": "2331722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331722"
},
{
"category": "external",
"summary": "2331726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331726"
},
{
"category": "external",
"summary": "2331753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331753"
},
{
"category": "external",
"summary": "2331760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331760"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_11121.json"
}
],
"title": "Red Hat Security Advisory: gstreamer1-plugins-good security update",
"tracking": {
"current_release_date": "2026-03-19T17:24:33+00:00",
"generator": {
"date": "2026-03-19T17:24:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2024:11121",
"initial_release_date": "2024-12-16T16:14:09+00:00",
"revision_history": [
{
"date": "2024-12-16T16:14:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-12-16T16:14:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-19T17:24:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"product": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"product_id": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.22.1-3.el9_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"product": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"product_id": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.22.1-3.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"product_id": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.22.1-3.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.22.1-3.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.22.1-3.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.22.1-3.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.22.1-3.el9_4?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"product_id": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.22.1-3.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"product_id": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.22.1-3.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.22.1-3.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.22.1-3.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.22.1-3.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.22.1-3.el9_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"product": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"product_id": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.22.1-3.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"product_id": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.22.1-3.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.22.1-3.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.22.1-3.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.22.1-3.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.22.1-3.el9_4?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"product": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"product_id": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.22.1-3.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"product_id": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.22.1-3.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.22.1-3.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.22.1-3.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.22.1-3.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.22.1-3.el9_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"product": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"product_id": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.22.1-3.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"product_id": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.22.1-3.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.22.1-3.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.22.1-3.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.22.1-3.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.22.1-3.el9_4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64"
},
"product_reference": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686"
},
"product_reference": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x"
},
"product_reference": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src"
},
"product_reference": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64"
},
"product_reference": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47537",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-11T19:01:01.738365+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331722"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the GStreamer library. An integer overflow in the MP4/MOV demuxer\u0027s sample table parser can lead to out-of-bounds writes and NULL-pointer dereferences for certain input files. This vulnerability allows a malicious third party to trigger an application crash and, in the case of out-of-bounds writes, possibly allow code execution through heap manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as important severity rather than moderate due to the potential for exploitation leading to arbitrary code execution. The integer overflow during memory allocation results in a mismatch between the allocated memory size and the expected number of elements, causing an out-of-bounds write (OOB-write). Such memory corruption can lead to application crashes, data corruption, or, more critically, allow an attacker to write controlled data outside the allocated buffer. This opens the door to heap-based buffer overflows, which are commonly exploited to overwrite control structures or function pointers, enabling attackers to execute malicious code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47537"
},
{
"category": "external",
"summary": "RHBZ#2331722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331722"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47537",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47537"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47537",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47537"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0005.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0005.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/"
}
],
"release_date": "2024-12-11T18:51:56.158000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:14:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11121"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c"
},
{
"cve": "CVE-2024-47539",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-11T19:01:17.648621+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331726"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the GStreamer library. An out-of-bounds write in the MP4/MOV demuxer when handling CEA608 Closed Caption tracks can lead to crashes for certain input files. This vulnerability allows a malicious third party to trigger a crash of the application and perform code execution through heap manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: OOB-write in convert_to_s334_1a",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability classified as important severity rather than moderate due to its potential for out-of-bounds memory writes, which are highly exploitable in many scenarios. The discrepancy between the memory allocation and loop bounds allows overwriting up to 3 bytes beyond the intended storage array, which could corrupt adjacent memory. Depending on the execution context, this could lead to critical security consequences, such as the alteration of control structures, heap corruption, or stack manipulation, opening paths for arbitrary code execution or escalation of privileges.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47539"
},
{
"category": "external",
"summary": "RHBZ#2331726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47539"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47539",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47539"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0007.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0007.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/"
}
],
"release_date": "2024-12-11T18:53:00.750000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:14:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11121"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: OOB-write in convert_to_s334_1a"
},
{
"cve": "CVE-2024-47540",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"discovery_date": "2024-12-11T19:00:50.751428+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331719"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Matroska/WebM demuxer in the GStreamer library. Processing a specially crafted input file can cause the usage of uninitialized stack memory, allowing calls to uninitialized function pointers, potentially resulting in code execution or an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into opening or processing a specially crafted file with the Matroska/WebM demuxer. However, this issue still has an Important severity as it allows an attacker hijack the execution flow of the application, potentially resulting in unexpected behavior, including arbitrary code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47540"
},
{
"category": "external",
"summary": "RHBZ#2331719",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331719"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47540"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47540"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0017.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0017.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/"
}
],
"release_date": "2024-12-11T18:54:04.383000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:14:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11121"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the Matroska/WebM demuxer and monitor application crashes as this may indicate exploitation attempts.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer"
},
{
"cve": "CVE-2024-47606",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2024-12-11T20:02:25.247273+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331760"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the MP4/MOV demuxer and memory allocator in the GStreamer library. Processing a specially crafted input file can cause an integer overflow in the qtdemux_parse_theora_extension function. This issue leads to a small amount of memory being allocated to store a large input size, resulting in an out-of-bounds write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into opening or processing a specially crafted .mov file. However, this issue still has an Important severity as it allows an attacker to trigger an out-of-bounds write to memory allocated in the heap, overwriting critical memory regions, potentially resulting in unexpected behavior, including arbitrary code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47606"
},
{
"category": "external",
"summary": "RHBZ#2331760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331760"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47606"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0014.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0014.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer/"
}
],
"release_date": "2024-12-11T19:12:40.186000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:14:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11121"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the MP4/MOV demuxer and monitor application crashes as this may indicate exploitation attempts.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes"
},
{
"cve": "CVE-2024-47613",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2024-12-11T20:01:56.201771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331753"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the gdk-pixbuf decoder in the GStreamer library. Processing a specially crafted input file can cause a NULL pointer dereference due to an unchecked return value, resulting in an application crash and a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into opening or processing a specially crafted file with the gdk-pixbuf decoder. As user interaction is required to trigger is issue and the impact is limited to an application crash, this flaw has been rated with a Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47613"
},
{
"category": "external",
"summary": "RHBZ#2331753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331753"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47613",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47613"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47613",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47613"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0025.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0025.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"
}
],
"release_date": "2024-12-11T19:14:02.436000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:14:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11121"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the gdk-pixbuf decoder and monitor application crashes as this may indicate exploitation attempts.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…