Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-47613 (GCVE-0-2024-47613)
Vulnerability from cvelistv5 – Published: 2024-12-11 19:14 – Updated: 2025-11-03 20:39
VLAI?
EPSS
Title
GHSL-2024-118: GStreamer has a null pointer dereference in gst_gdk_pixbuf_dec_flush
Summary
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix` is expected to point to the frame 0 from the frame structure, which is read from the input file. However, in certain situations, it can points to a NULL frame, causing the subsequent call to `memcpy` to attempt writing to the null address (0x00), leading to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.
Severity ?
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://securitylab.github.com/advisories/GHSL-20… | x_refsource_CONFIRM |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | x_refsource_MISC |
| https://gstreamer.freedesktop.org/security/sa-202… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47613",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T14:17:34.089687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T14:17:51.293Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:39:55.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix` is expected to point to the frame 0 from the frame structure, which is read from the input file. However, in certain situations, it can points to a NULL frame, causing the subsequent call to `memcpy` to attempt writing to the null address (0x00), leading to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T21:34:19.223Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0025.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0025.html"
}
],
"source": {
"advisory": "GHSA-qvwm-8ff7-8p2v",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-118: GStreamer has a null pointer dereference in gst_gdk_pixbuf_dec_flush"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47613",
"datePublished": "2024-12-11T19:14:02.436Z",
"dateReserved": "2024-09-27T20:37:22.120Z",
"dateUpdated": "2025-11-03T20:39:55.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-47613",
"date": "2026-05-20",
"epss": "0.00109",
"percentile": "0.28719"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.24.10\", \"matchCriteriaId\": \"82BF8403-8CE2-4AFC-865F-FD40A77D20E0\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix` is expected to point to the frame 0 from the frame structure, which is read from the input file. However, in certain situations, it can points to a NULL frame, causing the subsequent call to `memcpy` to attempt writing to the null address (0x00), leading to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.\"}, {\"lang\": \"es\", \"value\": \"GStreamer es una librer\\u00eda para construir gr\\u00e1ficos de componentes de manejo de medios. Se ha detectado un desbordamiento del b\\u00fafer de pila en la funci\\u00f3n vorbis_handle_identification_packet dentro de gstvorbisdec.c. La matriz de posici\\u00f3n es un b\\u00fafer asignado a la pila de tama\\u00f1o 64. Si vd-\u0026gt;vi.channels supera los 64, el bucle for escribir\\u00e1 m\\u00e1s all\\u00e1 de los l\\u00edmites de la matriz de posici\\u00f3n. El valor escrito siempre ser\\u00e1 GST_AUDIO_CHANNEL_POSITION_NONE. Esta vulnerabilidad permite sobrescribir la direcci\\u00f3n EIP asignada en la pila. Adem\\u00e1s, este error puede sobrescribir la estructura de informaci\\u00f3n GstAudioInfo. Esta vulnerabilidad se corrigi\\u00f3 en 1.24.10.\"}]",
"id": "CVE-2024-47613",
"lastModified": "2024-12-19T22:15:06.067",
"metrics": "{\"cvssMetricV40\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 8.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"HIGH\", \"vulnerableSystemIntegrity\": \"HIGH\", \"vulnerableSystemAvailability\": \"HIGH\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}], \"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2024-12-12T02:03:32.740",
"references": "[{\"url\": \"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://gstreamer.freedesktop.org/security/sa-2024-0025.html\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-476\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-47613\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-12-12T02:03:32.740\",\"lastModified\":\"2026-03-17T15:52:33.870\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix` is expected to point to the frame 0 from the frame structure, which is read from the input file. However, in certain situations, it can points to a NULL frame, causing the subsequent call to `memcpy` to attempt writing to the null address (0x00), leading to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.\"},{\"lang\":\"es\",\"value\":\"GStreamer es una librer\u00eda para construir gr\u00e1ficos de componentes de manejo de medios. Se ha detectado un desbordamiento del b\u00fafer de pila en la funci\u00f3n vorbis_handle_identification_packet dentro de gstvorbisdec.c. La matriz de posici\u00f3n es un b\u00fafer asignado a la pila de tama\u00f1o 64. Si vd-\u0026gt;vi.channels supera los 64, el bucle for escribir\u00e1 m\u00e1s all\u00e1 de los l\u00edmites de la matriz de posici\u00f3n. El valor escrito siempre ser\u00e1 GST_AUDIO_CHANNEL_POSITION_NONE. Esta vulnerabilidad permite sobrescribir la direcci\u00f3n EIP asignada en la pila. Adem\u00e1s, este error puede sobrescribir la estructura de informaci\u00f3n GstAudioInfo. Esta vulnerabilidad se corrigi\u00f3 en 1.24.10.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.24.10\",\"matchCriteriaId\":\"1B92A50A-2A86-49C9-9E3E-CE01EBC1987B\"}]}]}],\"references\":[{\"url\":\"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://gstreamer.freedesktop.org/security/sa-2024-0025.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T20:39:55.973Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-47613\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-12T14:17:34.089687Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-12T14:17:47.300Z\"}}], \"cna\": {\"title\": \"GHSL-2024-118: GStreamer has a null pointer dereference in gst_gdk_pixbuf_dec_flush\", \"source\": {\"advisory\": \"GHSA-qvwm-8ff7-8p2v\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.6, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"gstreamer\", \"product\": \"gstreamer\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.24.10\"}]}], \"references\": [{\"url\": \"https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/\", \"name\": \"https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch\", \"name\": \"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://gstreamer.freedesktop.org/security/sa-2024-0025.html\", \"name\": \"https://gstreamer.freedesktop.org/security/sa-2024-0025.html\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix` is expected to point to the frame 0 from the frame structure, which is read from the input file. However, in certain situations, it can points to a NULL frame, causing the subsequent call to `memcpy` to attempt writing to the null address (0x00), leading to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-476\", \"description\": \"CWE-476: NULL Pointer Dereference\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-12-19T21:34:19.223Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-47613\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T20:39:55.973Z\", \"dateReserved\": \"2024-09-27T20:37:22.120Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-12-11T19:14:02.436Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
alsa-2024:11122
Vulnerability from osv_almalinux
Published
2024-12-16 00:00
Modified
2024-12-23 08:18
Summary
Important: gstreamer1-plugins-good security update
Details
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.
Security Fix(es):
- gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)
- gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)
- gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)
- gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)
- gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "gstreamer1-plugins-good"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.22.1-3.el9_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "gstreamer1-plugins-good-gtk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.22.1-3.el9_5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. \n\nSecurity Fix(es): \n\n * gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)\n * gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)\n * gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)\n * gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)\n * gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2024:11122",
"modified": "2024-12-23T08:18:58Z",
"published": "2024-12-16T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:11122"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47537"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47539"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47540"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47606"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47613"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331719"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331722"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331726"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331753"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331760"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2024-11122.html"
}
],
"related": [
"CVE-2024-47540",
"CVE-2024-47537",
"CVE-2024-47539",
"CVE-2024-47613",
"CVE-2024-47606"
],
"summary": "Important: gstreamer1-plugins-good security update"
}
alsa-2024:11299
Vulnerability from osv_almalinux
Published
2024-12-17 00:00
Modified
2024-12-18 12:41
Summary
Important: gstreamer1-plugins-good security update
Details
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.
Security Fix(es):
- gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)
- gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)
- gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)
- gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)
- gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gstreamer1-plugins-good"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.1-5.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gstreamer1-plugins-good-gtk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.1-5.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. \n\nSecurity Fix(es): \n\n * gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)\n * gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)\n * gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)\n * gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)\n * gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2024:11299",
"modified": "2024-12-18T12:41:06Z",
"published": "2024-12-17T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:11299"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47537"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47539"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47540"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47606"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47613"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331719"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331722"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331726"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331753"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331760"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2024-11299.html"
}
],
"related": [
"CVE-2024-47540",
"CVE-2024-47537",
"CVE-2024-47539",
"CVE-2024-47613",
"CVE-2024-47606"
],
"summary": "Important: gstreamer1-plugins-good security update"
}
BDU:2024-11331
Vulnerability from fstec - Published: 02.10.2024
VLAI Severity ?
Title
Уязвимость функции gst_gdk_pixbuf_dec_flush мультимедийного фреймворка Gstreamer, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость функции gst_gdk_pixbuf_dec_flush мультимедийного фреймворка Gstreamer связана с разыменованием нулевого указателя NULL. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании
Severity ?
Vendor
Red Hat Inc., Сообщество свободного программного обеспечения, ООО «Ред Софт», ООО «РусБИТех-Астра», Сообщество GStreamer, АО "НППКТ", ООО «НЦПР», ООО «Открытая мобильная платформа»
Software Name
Red Hat Enterprise Linux, Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), Gstreamer, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), МСВСфера, ОС Аврора (запись в едином реестре российских программ №1543)
Software Version
7 (Red Hat Enterprise Linux), 8 (Red Hat Enterprise Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 9 (Red Hat Enterprise Linux), 8.2 Advanced Update Support (Red Hat Enterprise Linux), 9.2 Extended Update Support (Red Hat Enterprise Linux), 9.0 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Telecommunications Update Service (Red Hat Enterprise Linux), 8.6 Advanced Mission Critical Update Support (Red Hat Enterprise Linux), 1.8 (Astra Linux Special Edition), 9.4 Extended Update Support (Red Hat Enterprise Linux), до 1.24.10 (Gstreamer), до 2.13 (ОСОН ОСнова Оnyx), 9.5 (МСВСфера), до 5.1.5 включительно (ОС Аврора)
Possible Mitigations
В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года.
Использование рекомендаций:
https://gstreamer.freedesktop.org/security/sa-2024-0025.html
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2024-47613
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2024-47613
Для РЕД ОС:
https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-gstreamer1-plugins-good/?sphrase_id=641091
Обновление программного обеспечения gst-plugins-good1.0 до версии 1.18.4-2+deb11u3
Для ОС Astra Linux:
обновить пакет gst-plugins-good1.0 до 1.22.1-1ubuntu1.2astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18
Для МСВСфера: https://errata.msvsphere-os.ru/definition/9/INFCSA-2024:11122?lang=ru
Для ОС Astra Linux:
обновить пакет gst-plugins-good1.0 до 1.18.4-1astra4 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17
Для ОС Astra Linux:
обновить пакет gst-plugins-good1.0 до 1.18.4-1astra4 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE47
Для ОС Аврора: https://cve.omp.ru/bb30515
Reference
https://security-tracker.debian.org/tracker/CVE-2024-47613
https://access.redhat.com/security/cve/cve-2024-47613
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch
https://gstreamer.freedesktop.org/security/sa-2024-0025.html
https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/
https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-gstreamer1-plugins-good/?sphrase_id=641091
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.13/
https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18
https://errata.msvsphere-os.ru/definition/9/INFCSA-2024:11122?lang=ru
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE103
https://cve.omp.ru/bb30515
CWE
CWE-476, CWE-787
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": "AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e GStreamer, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u041e\u041e\u041e \u00ab\u041d\u0426\u041f\u0420\u00bb, \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 8 (Red Hat Enterprise Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 9 (Red Hat Enterprise Linux), 8.2 Advanced Update Support (Red Hat Enterprise Linux), 9.2 Extended Update Support (Red Hat Enterprise Linux), 9.0 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Telecommunications Update Service (Red Hat Enterprise Linux), 8.6 Advanced Mission Critical Update Support (Red Hat Enterprise Linux), 1.8 (Astra Linux Special Edition), 9.4 Extended Update Support (Red Hat Enterprise Linux), \u0434\u043e 1.24.10 (Gstreamer), \u0434\u043e 2.13 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), 9.5 (\u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430), \u0434\u043e 5.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (\u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://gstreamer.freedesktop.org/security/sa-2024-0025.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2024-47613\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2024-47613\n\n\u0414\u043b\u044f \u0420\u0415\u0414 \u041e\u0421:\nhttps://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-gstreamer1-plugins-good/?sphrase_id=641091\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f gst-plugins-good1.0 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.18.4-2+deb11u3\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 gst-plugins-good1.0 \u0434\u043e 1.22.1-1ubuntu1.2astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18\n\n\u0414\u043b\u044f \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430: https://errata.msvsphere-os.ru/definition/9/INFCSA-2024:11122?lang=ru\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 gst-plugins-good1.0 \u0434\u043e 1.18.4-1astra4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 gst-plugins-good1.0 \u0434\u043e 1.18.4-1astra4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE47\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430: https://cve.omp.ru/bb30515",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "02.10.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.01.2026",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "19.12.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-11331",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-47613",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Gstreamer, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430, \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 9 , Red Hat Inc. Red Hat Enterprise Linux 8.2 Advanced Update Support , Red Hat Inc. Red Hat Enterprise Linux 9.2 Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 8.6 Telecommunications Update Service , Red Hat Inc. Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.8 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 9.4 Extended Update Support , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.13 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u041e\u041e \u00ab\u041d\u0426\u041f\u0420\u00bb \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430 9.5 , \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 \u0434\u043e 5.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 gst_gdk_pixbuf_dec_flush \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0439\u043d\u043e\u0433\u043e \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0430 Gstreamer, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f NULL (CWE-476), \u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 gst_gdk_pixbuf_dec_flush \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0439\u043d\u043e\u0433\u043e \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0430 Gstreamer \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f NULL. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://security-tracker.debian.org/tracker/CVE-2024-47613\nhttps://access.redhat.com/security/cve/cve-2024-47613\nhttps://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch\t\nhttps://gstreamer.freedesktop.org/security/sa-2024-0025.html\t\nhttps://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/\nhttps://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-gstreamer1-plugins-good/?sphrase_id=641091\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.13/\nhttps://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18\nhttps://errata.msvsphere-os.ru/definition/9/INFCSA-2024:11122?lang=ru\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE103\nhttps://cve.omp.ru/bb30515",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-476, CWE-787",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,3)"
}
FKIE_CVE-2024-47613
Vulnerability from fkie_nvd - Published: 2024-12-12 02:03 - Updated: 2026-03-17 15:52
Severity ?
Summary
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix` is expected to point to the frame 0 from the frame structure, which is read from the input file. However, in certain situations, it can points to a NULL frame, causing the subsequent call to `memcpy` to attempt writing to the null address (0x00), leading to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch | Patch | |
| security-advisories@github.com | https://gstreamer.freedesktop.org/security/sa-2024-0025.html | Release Notes | |
| security-advisories@github.com | https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B92A50A-2A86-49C9-9E3E-CE01EBC1987B",
"versionEndExcluding": "1.24.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix` is expected to point to the frame 0 from the frame structure, which is read from the input file. However, in certain situations, it can points to a NULL frame, causing the subsequent call to `memcpy` to attempt writing to the null address (0x00), leading to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10."
},
{
"lang": "es",
"value": "GStreamer es una librer\u00eda para construir gr\u00e1ficos de componentes de manejo de medios. Se ha detectado un desbordamiento del b\u00fafer de pila en la funci\u00f3n vorbis_handle_identification_packet dentro de gstvorbisdec.c. La matriz de posici\u00f3n es un b\u00fafer asignado a la pila de tama\u00f1o 64. Si vd-\u0026gt;vi.channels supera los 64, el bucle for escribir\u00e1 m\u00e1s all\u00e1 de los l\u00edmites de la matriz de posici\u00f3n. El valor escrito siempre ser\u00e1 GST_AUDIO_CHANNEL_POSITION_NONE. Esta vulnerabilidad permite sobrescribir la direcci\u00f3n EIP asignada en la pila. Adem\u00e1s, este error puede sobrescribir la estructura de informaci\u00f3n GstAudioInfo. Esta vulnerabilidad se corrigi\u00f3 en 1.24.10."
}
],
"id": "CVE-2024-47613",
"lastModified": "2026-03-17T15:52:33.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-12-12T02:03:32.740",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0025.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
OPENSUSE-SU-2024:14578-1
Vulnerability from csaf_opensuse - Published: 2024-12-13 00:00 - Updated: 2024-12-13 00:00Summary
gstreamer-plugins-good-1.24.10-2.1 on GA media
Severity
Moderate
Notes
Title of the patch: gstreamer-plugins-good-1.24.10-2.1 on GA media
Description of the patch: These are all security issues fixed in the gstreamer-plugins-good-1.24.10-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-14578
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.1 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
31 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://www.suse.com/security/cve/CVE-2024-47530/ | self |
| https://www.suse.com/security/cve/CVE-2024-47537/ | self |
| https://www.suse.com/security/cve/CVE-2024-47598/ | self |
| https://www.suse.com/security/cve/CVE-2024-47599/ | self |
| https://www.suse.com/security/cve/CVE-2024-47601/ | self |
| https://www.suse.com/security/cve/CVE-2024-47606/ | self |
| https://www.suse.com/security/cve/CVE-2024-47613/ | self |
| https://www.suse.com/security/cve/CVE-2024-47774/ | self |
| https://www.suse.com/security/cve/CVE-2024-47775/ | self |
| https://www.suse.com/security/cve/CVE-2024-47530 | external |
| https://bugzilla.suse.com/1239347 | external |
| https://www.suse.com/security/cve/CVE-2024-47537 | external |
| https://bugzilla.suse.com/1234414 | external |
| https://www.suse.com/security/cve/CVE-2024-47598 | external |
| https://bugzilla.suse.com/1234426 | external |
| https://www.suse.com/security/cve/CVE-2024-47599 | external |
| https://bugzilla.suse.com/1234427 | external |
| https://www.suse.com/security/cve/CVE-2024-47601 | external |
| https://bugzilla.suse.com/1234428 | external |
| https://www.suse.com/security/cve/CVE-2024-47606 | external |
| https://bugzilla.suse.com/1234449 | external |
| https://www.suse.com/security/cve/CVE-2024-47613 | external |
| https://bugzilla.suse.com/1234447 | external |
| https://www.suse.com/security/cve/CVE-2024-47774 | external |
| https://bugzilla.suse.com/1234446 | external |
| https://www.suse.com/security/cve/CVE-2024-47775 | external |
| https://bugzilla.suse.com/1234434 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "gstreamer-plugins-good-1.24.10-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the gstreamer-plugins-good-1.24.10-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14578",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14578-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2024:14578-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GZDF3P2GSSY47IWYHI5OBEEMZAKWSY3E/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2024:14578-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GZDF3P2GSSY47IWYHI5OBEEMZAKWSY3E/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47530 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47530/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47537 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47537/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47598 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47598/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47599 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47599/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47601 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47601/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47606 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47613 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47613/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47774 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47774/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47775 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47775/"
}
],
"title": "gstreamer-plugins-good-1.24.10-2.1 on GA media",
"tracking": {
"current_release_date": "2024-12-13T00:00:00Z",
"generator": {
"date": "2024-12-13T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14578-1",
"initial_release_date": "2024-12-13T00:00:00Z",
"revision_history": [
{
"date": "2024-12-13T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gstreamer-plugins-good-1.24.10-2.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-1.24.10-2.1.aarch64",
"product_id": "gstreamer-plugins-good-1.24.10-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"product_id": "gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"product_id": "gstreamer-plugins-good-extra-1.24.10-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"product_id": "gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"product_id": "gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"product_id": "gstreamer-plugins-good-jack-1.24.10-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"product_id": "gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"product_id": "gstreamer-plugins-good-lang-1.24.10-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"product_id": "gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"product_id": "gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"product_id": "gstreamer-plugins-good-1.24.10-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"product_id": "gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"product_id": "gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"product_id": "gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"product_id": "gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"product_id": "gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"product_id": "gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"product_id": "gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"product_id": "gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"product_id": "gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer-plugins-good-1.24.10-2.1.s390x",
"product": {
"name": "gstreamer-plugins-good-1.24.10-2.1.s390x",
"product_id": "gstreamer-plugins-good-1.24.10-2.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"product": {
"name": "gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"product_id": "gstreamer-plugins-good-32bit-1.24.10-2.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"product": {
"name": "gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"product_id": "gstreamer-plugins-good-extra-1.24.10-2.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"product": {
"name": "gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"product_id": "gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"product": {
"name": "gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"product_id": "gstreamer-plugins-good-gtk-1.24.10-2.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"product": {
"name": "gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"product_id": "gstreamer-plugins-good-jack-1.24.10-2.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"product": {
"name": "gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"product_id": "gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"product": {
"name": "gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"product_id": "gstreamer-plugins-good-lang-1.24.10-2.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"product": {
"name": "gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"product_id": "gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"product": {
"name": "gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"product_id": "gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer-plugins-good-1.24.10-2.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-1.24.10-2.1.x86_64",
"product_id": "gstreamer-plugins-good-1.24.10-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"product_id": "gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"product_id": "gstreamer-plugins-good-extra-1.24.10-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"product_id": "gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"product_id": "gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"product_id": "gstreamer-plugins-good-jack-1.24.10-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"product_id": "gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"product_id": "gstreamer-plugins-good-lang-1.24.10-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"product_id": "gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64",
"product_id": "gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-1.24.10-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-1.24.10-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-1.24.10-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-1.24.10-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x"
},
"product_reference": "gstreamer-plugins-good-1.24.10-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-1.24.10-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-1.24.10-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-32bit-1.24.10-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x"
},
"product_reference": "gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-extra-1.24.10-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-extra-1.24.10-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x"
},
"product_reference": "gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-extra-1.24.10-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x"
},
"product_reference": "gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-gtk-1.24.10-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x"
},
"product_reference": "gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-jack-1.24.10-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-jack-1.24.10-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x"
},
"product_reference": "gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-jack-1.24.10-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x"
},
"product_reference": "gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-lang-1.24.10-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-lang-1.24.10-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x"
},
"product_reference": "gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-lang-1.24.10-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x"
},
"product_reference": "gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x"
},
"product_reference": "gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47530",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47530"
}
],
"notes": [
{
"category": "general",
"text": "Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lack of scheme validation, HTTPS Downgrade Attack can be performed on the users. This vulnerability is fixed in 4.89.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47530",
"url": "https://www.suse.com/security/cve/CVE-2024-47530"
},
{
"category": "external",
"summary": "SUSE Bug 1239347 for CVE-2024-47530",
"url": "https://bugzilla.suse.com/1239347"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-47530"
},
{
"cve": "CVE-2024-47537",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47537"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream-\u003esamples to accommodate stream-\u003en_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47537",
"url": "https://www.suse.com/security/cve/CVE-2024-47537"
},
{
"category": "external",
"summary": "SUSE Bug 1234414 for CVE-2024-47537",
"url": "https://bugzilla.suse.com/1234414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-13T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-47537"
},
{
"cve": "CVE-2024-47598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47598"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is that the size of the stts buffer isn\u0027t properly checked before reading stts_duration, allowing the program to read 4 bytes beyond the boundaries of stts-\u003edata. This vulnerability reads up to 4 bytes past the allocated bounds of the stts array. This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47598",
"url": "https://www.suse.com/security/cve/CVE-2024-47598"
},
{
"category": "external",
"summary": "SUSE Bug 1234426 for CVE-2024-47598",
"url": "https://bugzilla.suse.com/1234426"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-47598"
},
{
"cve": "CVE-2024-47599",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47599"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output_state. When this happens, dereferences of the outstate pointer will lead to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47599",
"url": "https://www.suse.com/security/cve/CVE-2024-47599"
},
{
"category": "external",
"summary": "SUSE Bug 1234427 for CVE-2024-47599",
"url": "https://bugzilla.suse.com/1234427"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-47599"
},
{
"cve": "CVE-2024-47601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47601"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity of the GstBuffer *sub pointer before performing dereferences. As a result, null pointer dereferences may occur. This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47601",
"url": "https://www.suse.com/security/cve/CVE-2024-47601"
},
{
"category": "external",
"summary": "SUSE Bug 1234428 for CVE-2024-47601",
"url": "https://bugzilla.suse.com/1234428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-47601"
},
{
"cve": "CVE-2024-47606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47606"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. The function _sysmem_new_block adds alignment and header size to the (unsigned) size, causing the overflow of the \u0027slice_size\u0027 variable. As a result, only 0x89 bytes are allocated, despite the large input size. When the following memcpy call occurs in gst_buffer_fill, the data from the input file will overwrite the content of the GstMapInfo info structure. Finally, during the call to gst_memory_unmap, the overwritten memory may cause a function pointer hijack, as the mem-\u003eallocator-\u003emem_unmap_full function is called with a corrupted pointer. This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47606",
"url": "https://www.suse.com/security/cve/CVE-2024-47606"
},
{
"category": "external",
"summary": "SUSE Bug 1234449 for CVE-2024-47606",
"url": "https://bugzilla.suse.com/1234449"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-13T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-47606"
},
{
"cve": "CVE-2024-47613",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47613"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix` is expected to point to the frame 0 from the frame structure, which is read from the input file. However, in certain situations, it can points to a NULL frame, causing the subsequent call to `memcpy` to attempt writing to the null address (0x00), leading to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47613",
"url": "https://www.suse.com/security/cve/CVE-2024-47613"
},
{
"category": "external",
"summary": "SUSE Bug 1234447 for CVE-2024-47613",
"url": "https://bugzilla.suse.com/1234447"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-47613"
},
{
"cve": "CVE-2024-47774",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47774"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. Then, the a condition, does not properly handle cases where name_length is greater than 0xFFFFFFFF - 17, causing an integer overflow. In such scenario, the function attempts to access memory beyond the buffer leading to an OOB-read. This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47774",
"url": "https://www.suse.com/security/cve/CVE-2024-47774"
},
{
"category": "external",
"summary": "SUSE Bug 1234446 for CVE-2024-47774",
"url": "https://bugzilla.suse.com/1234446"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-47774"
},
{
"cve": "CVE-2024-47775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47775"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multiple GST_READ_UINT32_LE operations without performing boundary checks. This can lead to an OOB-read when buf is smaller than expected. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47775",
"url": "https://www.suse.com/security/cve/CVE-2024-47775"
},
{
"category": "external",
"summary": "SUSE Bug 1234434 for CVE-2024-47775",
"url": "https://bugzilla.suse.com/1234434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-47775"
}
]
}
RHSA-2024:11119
Vulnerability from csaf_redhat - Published: 2024-12-16 16:08 - Updated: 2026-03-19 17:24Summary
Red Hat Security Advisory: gstreamer1-plugins-good security update
Severity
Important
Notes
Topic: An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.
Security Fix(es):
* gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)
* gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)
* gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)
* gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)
* gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the GStreamer library. An integer overflow in the MP4/MOV demuxer's sample table parser can lead to out-of-bounds writes and NULL-pointer dereferences for certain input files. This vulnerability allows a malicious third party to trigger an application crash and, in the case of out-of-bounds writes, possibly allow code execution through heap manipulation.
8.4 (High)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the GStreamer library. An out-of-bounds write in the MP4/MOV demuxer when handling CEA608 Closed Caption tracks can lead to crashes for certain input files. This vulnerability allows a malicious third party to trigger a crash of the application and perform code execution through heap manipulation.
9.8 (Critical)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the Matroska/WebM demuxer in the GStreamer library. Processing a specially crafted input file can cause the usage of uninitialized stack memory, allowing calls to uninitialized function pointers, potentially resulting in code execution or an application crash.
8.8 (High)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the MP4/MOV demuxer and memory allocator in the GStreamer library. Processing a specially crafted input file can cause an integer overflow in the qtdemux_parse_theora_extension function. This issue leads to a small amount of memory being allocated to store a large input size, resulting in an out-of-bounds write.
8.8 (High)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the gdk-pixbuf decoder in the GStreamer library. Processing a specially crafted input file can cause a NULL pointer dereference due to an unchecked return value, resulting in an application crash and a denial of service.
6.5 (Medium)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
42 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2024:11119 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331719 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331722 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331726 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331753 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331760 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2024-47537 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331722 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47537 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47537 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47539 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331726 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47539 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47539 | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47540 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331719 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47540 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47540 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47606 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331760 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47606 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47606 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47613 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331753 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47613 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47613 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.\n\nSecurity Fix(es):\n\n* gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)\n\n* gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)\n\n* gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)\n\n* gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)\n\n* gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:11119",
"url": "https://access.redhat.com/errata/RHSA-2024:11119"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2331719",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331719"
},
{
"category": "external",
"summary": "2331722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331722"
},
{
"category": "external",
"summary": "2331726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331726"
},
{
"category": "external",
"summary": "2331753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331753"
},
{
"category": "external",
"summary": "2331760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331760"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_11119.json"
}
],
"title": "Red Hat Security Advisory: gstreamer1-plugins-good security update",
"tracking": {
"current_release_date": "2026-03-19T17:24:35+00:00",
"generator": {
"date": "2026-03-19T17:24:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2024:11119",
"initial_release_date": "2024-12-16T16:08:29+00:00",
"revision_history": [
{
"date": "2024-12-16T16:08:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-12-16T16:08:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-19T17:24:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"product": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"product_id": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.18.4-7.el9_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"product": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"product_id": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.18.4-7.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"product_id": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.18.4-7.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.18.4-7.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.18.4-7.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.18.4-7.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.18.4-7.el9_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"product_id": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.18.4-7.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"product_id": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.18.4-7.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.18.4-7.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.18.4-7.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.18.4-7.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.18.4-7.el9_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"product": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"product_id": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.18.4-7.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"product_id": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.18.4-7.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.18.4-7.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.18.4-7.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.18.4-7.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.18.4-7.el9_2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"product": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"product_id": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.18.4-7.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"product_id": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.18.4-7.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.18.4-7.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.18.4-7.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.18.4-7.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.18.4-7.el9_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"product": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"product_id": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.18.4-7.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"product_id": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.18.4-7.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.18.4-7.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.18.4-7.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.18.4-7.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.18.4-7.el9_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64"
},
"product_reference": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686"
},
"product_reference": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x"
},
"product_reference": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src"
},
"product_reference": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64"
},
"product_reference": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47537",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-11T19:01:01.738365+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331722"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the GStreamer library. An integer overflow in the MP4/MOV demuxer\u0027s sample table parser can lead to out-of-bounds writes and NULL-pointer dereferences for certain input files. This vulnerability allows a malicious third party to trigger an application crash and, in the case of out-of-bounds writes, possibly allow code execution through heap manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as important severity rather than moderate due to the potential for exploitation leading to arbitrary code execution. The integer overflow during memory allocation results in a mismatch between the allocated memory size and the expected number of elements, causing an out-of-bounds write (OOB-write). Such memory corruption can lead to application crashes, data corruption, or, more critically, allow an attacker to write controlled data outside the allocated buffer. This opens the door to heap-based buffer overflows, which are commonly exploited to overwrite control structures or function pointers, enabling attackers to execute malicious code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47537"
},
{
"category": "external",
"summary": "RHBZ#2331722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331722"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47537",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47537"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47537",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47537"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0005.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0005.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/"
}
],
"release_date": "2024-12-11T18:51:56.158000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:08:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11119"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c"
},
{
"cve": "CVE-2024-47539",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-11T19:01:17.648621+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331726"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the GStreamer library. An out-of-bounds write in the MP4/MOV demuxer when handling CEA608 Closed Caption tracks can lead to crashes for certain input files. This vulnerability allows a malicious third party to trigger a crash of the application and perform code execution through heap manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: OOB-write in convert_to_s334_1a",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability classified as important severity rather than moderate due to its potential for out-of-bounds memory writes, which are highly exploitable in many scenarios. The discrepancy between the memory allocation and loop bounds allows overwriting up to 3 bytes beyond the intended storage array, which could corrupt adjacent memory. Depending on the execution context, this could lead to critical security consequences, such as the alteration of control structures, heap corruption, or stack manipulation, opening paths for arbitrary code execution or escalation of privileges.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47539"
},
{
"category": "external",
"summary": "RHBZ#2331726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47539"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47539",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47539"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0007.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0007.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/"
}
],
"release_date": "2024-12-11T18:53:00.750000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:08:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11119"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: OOB-write in convert_to_s334_1a"
},
{
"cve": "CVE-2024-47540",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"discovery_date": "2024-12-11T19:00:50.751428+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331719"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Matroska/WebM demuxer in the GStreamer library. Processing a specially crafted input file can cause the usage of uninitialized stack memory, allowing calls to uninitialized function pointers, potentially resulting in code execution or an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into opening or processing a specially crafted file with the Matroska/WebM demuxer. However, this issue still has an Important severity as it allows an attacker hijack the execution flow of the application, potentially resulting in unexpected behavior, including arbitrary code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47540"
},
{
"category": "external",
"summary": "RHBZ#2331719",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331719"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47540"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47540"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0017.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0017.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/"
}
],
"release_date": "2024-12-11T18:54:04.383000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:08:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11119"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the Matroska/WebM demuxer and monitor application crashes as this may indicate exploitation attempts.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer"
},
{
"cve": "CVE-2024-47606",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2024-12-11T20:02:25.247273+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331760"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the MP4/MOV demuxer and memory allocator in the GStreamer library. Processing a specially crafted input file can cause an integer overflow in the qtdemux_parse_theora_extension function. This issue leads to a small amount of memory being allocated to store a large input size, resulting in an out-of-bounds write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into opening or processing a specially crafted .mov file. However, this issue still has an Important severity as it allows an attacker to trigger an out-of-bounds write to memory allocated in the heap, overwriting critical memory regions, potentially resulting in unexpected behavior, including arbitrary code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47606"
},
{
"category": "external",
"summary": "RHBZ#2331760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331760"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47606"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0014.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0014.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer/"
}
],
"release_date": "2024-12-11T19:12:40.186000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:08:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11119"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the MP4/MOV demuxer and monitor application crashes as this may indicate exploitation attempts.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes"
},
{
"cve": "CVE-2024-47613",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2024-12-11T20:01:56.201771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331753"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the gdk-pixbuf decoder in the GStreamer library. Processing a specially crafted input file can cause a NULL pointer dereference due to an unchecked return value, resulting in an application crash and a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into opening or processing a specially crafted file with the gdk-pixbuf decoder. As user interaction is required to trigger is issue and the impact is limited to an application crash, this flaw has been rated with a Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47613"
},
{
"category": "external",
"summary": "RHBZ#2331753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331753"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47613",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47613"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47613",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47613"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0025.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0025.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"
}
],
"release_date": "2024-12-11T19:14:02.436000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:08:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11119"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the gdk-pixbuf decoder and monitor application crashes as this may indicate exploitation attempts.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush"
}
]
}
RHSA-2024:11121
Vulnerability from csaf_redhat - Published: 2024-12-16 16:14 - Updated: 2026-03-19 17:24Summary
Red Hat Security Advisory: gstreamer1-plugins-good security update
Severity
Important
Notes
Topic: An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.
Security Fix(es):
* gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)
* gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)
* gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)
* gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)
* gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the GStreamer library. An integer overflow in the MP4/MOV demuxer's sample table parser can lead to out-of-bounds writes and NULL-pointer dereferences for certain input files. This vulnerability allows a malicious third party to trigger an application crash and, in the case of out-of-bounds writes, possibly allow code execution through heap manipulation.
8.4 (High)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the GStreamer library. An out-of-bounds write in the MP4/MOV demuxer when handling CEA608 Closed Caption tracks can lead to crashes for certain input files. This vulnerability allows a malicious third party to trigger a crash of the application and perform code execution through heap manipulation.
9.8 (Critical)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the Matroska/WebM demuxer in the GStreamer library. Processing a specially crafted input file can cause the usage of uninitialized stack memory, allowing calls to uninitialized function pointers, potentially resulting in code execution or an application crash.
8.8 (High)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the MP4/MOV demuxer and memory allocator in the GStreamer library. Processing a specially crafted input file can cause an integer overflow in the qtdemux_parse_theora_extension function. This issue leads to a small amount of memory being allocated to store a large input size, resulting in an out-of-bounds write.
8.8 (High)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the gdk-pixbuf decoder in the GStreamer library. Processing a specially crafted input file can cause a NULL pointer dereference due to an unchecked return value, resulting in an application crash and a denial of service.
6.5 (Medium)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
42 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2024:11121 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331719 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331722 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331726 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331753 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331760 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2024-47537 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331722 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47537 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47537 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47539 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331726 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47539 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47539 | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47540 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331719 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47540 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47540 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47606 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331760 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47606 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47606 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47613 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331753 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47613 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47613 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.\n\nSecurity Fix(es):\n\n* gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)\n\n* gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)\n\n* gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)\n\n* gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)\n\n* gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:11121",
"url": "https://access.redhat.com/errata/RHSA-2024:11121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2331719",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331719"
},
{
"category": "external",
"summary": "2331722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331722"
},
{
"category": "external",
"summary": "2331726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331726"
},
{
"category": "external",
"summary": "2331753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331753"
},
{
"category": "external",
"summary": "2331760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331760"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_11121.json"
}
],
"title": "Red Hat Security Advisory: gstreamer1-plugins-good security update",
"tracking": {
"current_release_date": "2026-03-19T17:24:33+00:00",
"generator": {
"date": "2026-03-19T17:24:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2024:11121",
"initial_release_date": "2024-12-16T16:14:09+00:00",
"revision_history": [
{
"date": "2024-12-16T16:14:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-12-16T16:14:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-19T17:24:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"product": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"product_id": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.22.1-3.el9_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"product": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"product_id": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.22.1-3.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"product_id": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.22.1-3.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.22.1-3.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.22.1-3.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.22.1-3.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.22.1-3.el9_4?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"product_id": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.22.1-3.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"product_id": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.22.1-3.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.22.1-3.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.22.1-3.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.22.1-3.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.22.1-3.el9_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"product": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"product_id": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.22.1-3.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"product_id": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.22.1-3.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.22.1-3.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.22.1-3.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.22.1-3.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.22.1-3.el9_4?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"product": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"product_id": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.22.1-3.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"product_id": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.22.1-3.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.22.1-3.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.22.1-3.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.22.1-3.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.22.1-3.el9_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"product": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"product_id": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.22.1-3.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"product_id": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.22.1-3.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.22.1-3.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.22.1-3.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.22.1-3.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.22.1-3.el9_4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64"
},
"product_reference": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686"
},
"product_reference": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x"
},
"product_reference": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src"
},
"product_reference": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64"
},
"product_reference": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47537",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-11T19:01:01.738365+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331722"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the GStreamer library. An integer overflow in the MP4/MOV demuxer\u0027s sample table parser can lead to out-of-bounds writes and NULL-pointer dereferences for certain input files. This vulnerability allows a malicious third party to trigger an application crash and, in the case of out-of-bounds writes, possibly allow code execution through heap manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as important severity rather than moderate due to the potential for exploitation leading to arbitrary code execution. The integer overflow during memory allocation results in a mismatch between the allocated memory size and the expected number of elements, causing an out-of-bounds write (OOB-write). Such memory corruption can lead to application crashes, data corruption, or, more critically, allow an attacker to write controlled data outside the allocated buffer. This opens the door to heap-based buffer overflows, which are commonly exploited to overwrite control structures or function pointers, enabling attackers to execute malicious code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47537"
},
{
"category": "external",
"summary": "RHBZ#2331722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331722"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47537",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47537"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47537",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47537"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0005.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0005.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/"
}
],
"release_date": "2024-12-11T18:51:56.158000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:14:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11121"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c"
},
{
"cve": "CVE-2024-47539",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-11T19:01:17.648621+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331726"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the GStreamer library. An out-of-bounds write in the MP4/MOV demuxer when handling CEA608 Closed Caption tracks can lead to crashes for certain input files. This vulnerability allows a malicious third party to trigger a crash of the application and perform code execution through heap manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: OOB-write in convert_to_s334_1a",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability classified as important severity rather than moderate due to its potential for out-of-bounds memory writes, which are highly exploitable in many scenarios. The discrepancy between the memory allocation and loop bounds allows overwriting up to 3 bytes beyond the intended storage array, which could corrupt adjacent memory. Depending on the execution context, this could lead to critical security consequences, such as the alteration of control structures, heap corruption, or stack manipulation, opening paths for arbitrary code execution or escalation of privileges.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47539"
},
{
"category": "external",
"summary": "RHBZ#2331726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47539"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47539",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47539"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0007.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0007.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/"
}
],
"release_date": "2024-12-11T18:53:00.750000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:14:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11121"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: OOB-write in convert_to_s334_1a"
},
{
"cve": "CVE-2024-47540",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"discovery_date": "2024-12-11T19:00:50.751428+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331719"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Matroska/WebM demuxer in the GStreamer library. Processing a specially crafted input file can cause the usage of uninitialized stack memory, allowing calls to uninitialized function pointers, potentially resulting in code execution or an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into opening or processing a specially crafted file with the Matroska/WebM demuxer. However, this issue still has an Important severity as it allows an attacker hijack the execution flow of the application, potentially resulting in unexpected behavior, including arbitrary code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47540"
},
{
"category": "external",
"summary": "RHBZ#2331719",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331719"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47540"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47540"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0017.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0017.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/"
}
],
"release_date": "2024-12-11T18:54:04.383000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:14:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11121"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the Matroska/WebM demuxer and monitor application crashes as this may indicate exploitation attempts.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer"
},
{
"cve": "CVE-2024-47606",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2024-12-11T20:02:25.247273+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331760"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the MP4/MOV demuxer and memory allocator in the GStreamer library. Processing a specially crafted input file can cause an integer overflow in the qtdemux_parse_theora_extension function. This issue leads to a small amount of memory being allocated to store a large input size, resulting in an out-of-bounds write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into opening or processing a specially crafted .mov file. However, this issue still has an Important severity as it allows an attacker to trigger an out-of-bounds write to memory allocated in the heap, overwriting critical memory regions, potentially resulting in unexpected behavior, including arbitrary code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47606"
},
{
"category": "external",
"summary": "RHBZ#2331760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331760"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47606"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0014.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0014.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer/"
}
],
"release_date": "2024-12-11T19:12:40.186000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:14:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11121"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the MP4/MOV demuxer and monitor application crashes as this may indicate exploitation attempts.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes"
},
{
"cve": "CVE-2024-47613",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2024-12-11T20:01:56.201771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331753"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the gdk-pixbuf decoder in the GStreamer library. Processing a specially crafted input file can cause a NULL pointer dereference due to an unchecked return value, resulting in an application crash and a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into opening or processing a specially crafted file with the gdk-pixbuf decoder. As user interaction is required to trigger is issue and the impact is limited to an application crash, this flaw has been rated with a Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47613"
},
{
"category": "external",
"summary": "RHBZ#2331753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331753"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47613",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47613"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47613",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47613"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0025.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0025.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"
}
],
"release_date": "2024-12-11T19:14:02.436000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:14:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11121"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the gdk-pixbuf decoder and monitor application crashes as this may indicate exploitation attempts.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush"
}
]
}
RHSA-2024:11122
Vulnerability from csaf_redhat - Published: 2024-12-16 15:58 - Updated: 2026-03-19 17:24Summary
Red Hat Security Advisory: gstreamer1-plugins-good security update
Severity
Important
Notes
Topic: An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.
Security Fix(es):
* gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)
* gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)
* gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)
* gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)
* gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the GStreamer library. An integer overflow in the MP4/MOV demuxer's sample table parser can lead to out-of-bounds writes and NULL-pointer dereferences for certain input files. This vulnerability allows a malicious third party to trigger an application crash and, in the case of out-of-bounds writes, possibly allow code execution through heap manipulation.
8.4 (High)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the GStreamer library. An out-of-bounds write in the MP4/MOV demuxer when handling CEA608 Closed Caption tracks can lead to crashes for certain input files. This vulnerability allows a malicious third party to trigger a crash of the application and perform code execution through heap manipulation.
9.8 (Critical)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the Matroska/WebM demuxer in the GStreamer library. Processing a specially crafted input file can cause the usage of uninitialized stack memory, allowing calls to uninitialized function pointers, potentially resulting in code execution or an application crash.
8.8 (High)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the MP4/MOV demuxer and memory allocator in the GStreamer library. Processing a specially crafted input file can cause an integer overflow in the qtdemux_parse_theora_extension function. This issue leads to a small amount of memory being allocated to store a large input size, resulting in an out-of-bounds write.
8.8 (High)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the gdk-pixbuf decoder in the GStreamer library. Processing a specially crafted input file can cause a NULL pointer dereference due to an unchecked return value, resulting in an application crash and a denial of service.
6.5 (Medium)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
42 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2024:11122 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331719 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331722 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331726 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331753 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331760 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2024-47537 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331722 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47537 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47537 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47539 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331726 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47539 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47539 | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47540 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331719 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47540 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47540 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47606 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331760 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47606 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47606 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47613 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331753 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47613 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47613 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.\n\nSecurity Fix(es):\n\n* gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)\n\n* gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)\n\n* gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)\n\n* gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)\n\n* gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:11122",
"url": "https://access.redhat.com/errata/RHSA-2024:11122"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2331719",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331719"
},
{
"category": "external",
"summary": "2331722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331722"
},
{
"category": "external",
"summary": "2331726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331726"
},
{
"category": "external",
"summary": "2331753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331753"
},
{
"category": "external",
"summary": "2331760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331760"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_11122.json"
}
],
"title": "Red Hat Security Advisory: gstreamer1-plugins-good security update",
"tracking": {
"current_release_date": "2026-03-19T17:24:34+00:00",
"generator": {
"date": "2026-03-19T17:24:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2024:11122",
"initial_release_date": "2024-12-16T15:58:54+00:00",
"revision_history": [
{
"date": "2024-12-16T15:58:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-12-16T15:58:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-19T17:24:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.src",
"product": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.src",
"product_id": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.22.1-3.el9_5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64",
"product": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64",
"product_id": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.22.1-3.el9_5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64",
"product_id": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.22.1-3.el9_5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.22.1-3.el9_5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.22.1-3.el9_5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.22.1-3.el9_5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.22.1-3.el9_5?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le",
"product_id": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.22.1-3.el9_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le",
"product_id": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.22.1-3.el9_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.22.1-3.el9_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.22.1-3.el9_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.22.1-3.el9_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.22.1-3.el9_5?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686",
"product": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686",
"product_id": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.22.1-3.el9_5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686",
"product_id": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.22.1-3.el9_5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.22.1-3.el9_5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.22.1-3.el9_5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.22.1-3.el9_5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.22.1-3.el9_5?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64",
"product": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64",
"product_id": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.22.1-3.el9_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64",
"product_id": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.22.1-3.el9_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.22.1-3.el9_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.22.1-3.el9_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.22.1-3.el9_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.22.1-3.el9_5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x",
"product": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x",
"product_id": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.22.1-3.el9_5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x",
"product_id": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.22.1-3.el9_5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.22.1-3.el9_5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.22.1-3.el9_5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.22.1-3.el9_5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.22.1-3.el9_5?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64"
},
"product_reference": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686"
},
"product_reference": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x"
},
"product_reference": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.src"
},
"product_reference": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64"
},
"product_reference": "gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47537",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-11T19:01:01.738365+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331722"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the GStreamer library. An integer overflow in the MP4/MOV demuxer\u0027s sample table parser can lead to out-of-bounds writes and NULL-pointer dereferences for certain input files. This vulnerability allows a malicious third party to trigger an application crash and, in the case of out-of-bounds writes, possibly allow code execution through heap manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as important severity rather than moderate due to the potential for exploitation leading to arbitrary code execution. The integer overflow during memory allocation results in a mismatch between the allocated memory size and the expected number of elements, causing an out-of-bounds write (OOB-write). Such memory corruption can lead to application crashes, data corruption, or, more critically, allow an attacker to write controlled data outside the allocated buffer. This opens the door to heap-based buffer overflows, which are commonly exploited to overwrite control structures or function pointers, enabling attackers to execute malicious code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.src",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47537"
},
{
"category": "external",
"summary": "RHBZ#2331722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331722"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47537",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47537"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47537",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47537"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0005.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0005.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/"
}
],
"release_date": "2024-12-11T18:51:56.158000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T15:58:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.src",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11122"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.src",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.src",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c"
},
{
"cve": "CVE-2024-47539",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-11T19:01:17.648621+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331726"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the GStreamer library. An out-of-bounds write in the MP4/MOV demuxer when handling CEA608 Closed Caption tracks can lead to crashes for certain input files. This vulnerability allows a malicious third party to trigger a crash of the application and perform code execution through heap manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: OOB-write in convert_to_s334_1a",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability classified as important severity rather than moderate due to its potential for out-of-bounds memory writes, which are highly exploitable in many scenarios. The discrepancy between the memory allocation and loop bounds allows overwriting up to 3 bytes beyond the intended storage array, which could corrupt adjacent memory. Depending on the execution context, this could lead to critical security consequences, such as the alteration of control structures, heap corruption, or stack manipulation, opening paths for arbitrary code execution or escalation of privileges.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.src",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47539"
},
{
"category": "external",
"summary": "RHBZ#2331726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47539"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47539",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47539"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0007.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0007.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/"
}
],
"release_date": "2024-12-11T18:53:00.750000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T15:58:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.src",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11122"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.src",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.src",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: OOB-write in convert_to_s334_1a"
},
{
"cve": "CVE-2024-47540",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"discovery_date": "2024-12-11T19:00:50.751428+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331719"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Matroska/WebM demuxer in the GStreamer library. Processing a specially crafted input file can cause the usage of uninitialized stack memory, allowing calls to uninitialized function pointers, potentially resulting in code execution or an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into opening or processing a specially crafted file with the Matroska/WebM demuxer. However, this issue still has an Important severity as it allows an attacker hijack the execution flow of the application, potentially resulting in unexpected behavior, including arbitrary code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.src",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47540"
},
{
"category": "external",
"summary": "RHBZ#2331719",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331719"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47540"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47540"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0017.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0017.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/"
}
],
"release_date": "2024-12-11T18:54:04.383000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T15:58:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.src",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11122"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the Matroska/WebM demuxer and monitor application crashes as this may indicate exploitation attempts.",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.src",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.src",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer"
},
{
"cve": "CVE-2024-47606",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2024-12-11T20:02:25.247273+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331760"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the MP4/MOV demuxer and memory allocator in the GStreamer library. Processing a specially crafted input file can cause an integer overflow in the qtdemux_parse_theora_extension function. This issue leads to a small amount of memory being allocated to store a large input size, resulting in an out-of-bounds write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into opening or processing a specially crafted .mov file. However, this issue still has an Important severity as it allows an attacker to trigger an out-of-bounds write to memory allocated in the heap, overwriting critical memory regions, potentially resulting in unexpected behavior, including arbitrary code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.src",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47606"
},
{
"category": "external",
"summary": "RHBZ#2331760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331760"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47606"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0014.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0014.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer/"
}
],
"release_date": "2024-12-11T19:12:40.186000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T15:58:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.src",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11122"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the MP4/MOV demuxer and monitor application crashes as this may indicate exploitation attempts.",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.src",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.src",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes"
},
{
"cve": "CVE-2024-47613",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2024-12-11T20:01:56.201771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331753"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the gdk-pixbuf decoder in the GStreamer library. Processing a specially crafted input file can cause a NULL pointer dereference due to an unchecked return value, resulting in an application crash and a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into opening or processing a specially crafted file with the gdk-pixbuf decoder. As user interaction is required to trigger is issue and the impact is limited to an application crash, this flaw has been rated with a Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.src",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47613"
},
{
"category": "external",
"summary": "RHBZ#2331753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331753"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47613",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47613"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47613",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47613"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0025.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0025.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"
}
],
"release_date": "2024-12-11T19:14:02.436000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T15:58:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.src",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11122"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the gdk-pixbuf decoder and monitor application crashes as this may indicate exploitation attempts.",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.src",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.src",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.i686",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush"
}
]
}
RHSA-2024:11148
Vulnerability from csaf_redhat - Published: 2024-12-18 02:24 - Updated: 2026-03-19 17:24Summary
Red Hat Security Advisory: gstreamer1-plugins-good security update
Severity
Important
Notes
Topic: An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.
Security Fix(es):
* gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)
* gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)
* gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)
* gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)
* gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the GStreamer library. An integer overflow in the MP4/MOV demuxer's sample table parser can lead to out-of-bounds writes and NULL-pointer dereferences for certain input files. This vulnerability allows a malicious third party to trigger an application crash and, in the case of out-of-bounds writes, possibly allow code execution through heap manipulation.
8.4 (High)
Affected products
Fixed
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the GStreamer library. An out-of-bounds write in the MP4/MOV demuxer when handling CEA608 Closed Caption tracks can lead to crashes for certain input files. This vulnerability allows a malicious third party to trigger a crash of the application and perform code execution through heap manipulation.
9.8 (Critical)
Affected products
Fixed
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the Matroska/WebM demuxer in the GStreamer library. Processing a specially crafted input file can cause the usage of uninitialized stack memory, allowing calls to uninitialized function pointers, potentially resulting in code execution or an application crash.
8.8 (High)
Affected products
Fixed
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the MP4/MOV demuxer and memory allocator in the GStreamer library. Processing a specially crafted input file can cause an integer overflow in the qtdemux_parse_theora_extension function. This issue leads to a small amount of memory being allocated to store a large input size, resulting in an out-of-bounds write.
8.8 (High)
Affected products
Fixed
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the gdk-pixbuf decoder in the GStreamer library. Processing a specially crafted input file can cause a NULL pointer dereference due to an unchecked return value, resulting in an application crash and a denial of service.
6.5 (Medium)
Affected products
Fixed
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
42 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2024:11148 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331719 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331722 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331726 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331753 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331760 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2024-47537 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331722 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47537 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47537 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47539 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331726 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47539 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47539 | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47540 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331719 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47540 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47540 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47606 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331760 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47606 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47606 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47613 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331753 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47613 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47613 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.\n\nSecurity Fix(es):\n\n* gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)\n\n* gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)\n\n* gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)\n\n* gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)\n\n* gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:11148",
"url": "https://access.redhat.com/errata/RHSA-2024:11148"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2331719",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331719"
},
{
"category": "external",
"summary": "2331722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331722"
},
{
"category": "external",
"summary": "2331726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331726"
},
{
"category": "external",
"summary": "2331753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331753"
},
{
"category": "external",
"summary": "2331760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331760"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_11148.json"
}
],
"title": "Red Hat Security Advisory: gstreamer1-plugins-good security update",
"tracking": {
"current_release_date": "2026-03-19T17:24:34+00:00",
"generator": {
"date": "2026-03-19T17:24:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2024:11148",
"initial_release_date": "2024-12-18T02:24:34+00:00",
"revision_history": [
{
"date": "2024-12-18T02:24:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-12-18T02:24:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-19T17:24:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.16.1-2.el8_2.src",
"product": {
"name": "gstreamer1-plugins-good-0:1.16.1-2.el8_2.src",
"product_id": "gstreamer1-plugins-good-0:1.16.1-2.el8_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.16.1-2.el8_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686",
"product": {
"name": "gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686",
"product_id": "gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.16.1-2.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686",
"product_id": "gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.16.1-2.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.16.1-2.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.16.1-2.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.16.1-2.el8_2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64",
"product": {
"name": "gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64",
"product_id": "gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.16.1-2.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64",
"product_id": "gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.16.1-2.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.16.1-2.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.16.1-2.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.16.1-2.el8_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686"
},
"product_reference": "gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.16.1-2.el8_2.src as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.src"
},
"product_reference": "gstreamer1-plugins-good-0:1.16.1-2.el8_2.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64"
},
"product_reference": "gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47537",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-11T19:01:01.738365+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331722"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the GStreamer library. An integer overflow in the MP4/MOV demuxer\u0027s sample table parser can lead to out-of-bounds writes and NULL-pointer dereferences for certain input files. This vulnerability allows a malicious third party to trigger an application crash and, in the case of out-of-bounds writes, possibly allow code execution through heap manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as important severity rather than moderate due to the potential for exploitation leading to arbitrary code execution. The integer overflow during memory allocation results in a mismatch between the allocated memory size and the expected number of elements, causing an out-of-bounds write (OOB-write). Such memory corruption can lead to application crashes, data corruption, or, more critically, allow an attacker to write controlled data outside the allocated buffer. This opens the door to heap-based buffer overflows, which are commonly exploited to overwrite control structures or function pointers, enabling attackers to execute malicious code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47537"
},
{
"category": "external",
"summary": "RHBZ#2331722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331722"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47537",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47537"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47537",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47537"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0005.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0005.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/"
}
],
"release_date": "2024-12-11T18:51:56.158000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-18T02:24:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11148"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c"
},
{
"cve": "CVE-2024-47539",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-11T19:01:17.648621+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331726"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the GStreamer library. An out-of-bounds write in the MP4/MOV demuxer when handling CEA608 Closed Caption tracks can lead to crashes for certain input files. This vulnerability allows a malicious third party to trigger a crash of the application and perform code execution through heap manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: OOB-write in convert_to_s334_1a",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability classified as important severity rather than moderate due to its potential for out-of-bounds memory writes, which are highly exploitable in many scenarios. The discrepancy between the memory allocation and loop bounds allows overwriting up to 3 bytes beyond the intended storage array, which could corrupt adjacent memory. Depending on the execution context, this could lead to critical security consequences, such as the alteration of control structures, heap corruption, or stack manipulation, opening paths for arbitrary code execution or escalation of privileges.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47539"
},
{
"category": "external",
"summary": "RHBZ#2331726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47539"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47539",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47539"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0007.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0007.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/"
}
],
"release_date": "2024-12-11T18:53:00.750000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-18T02:24:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11148"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: OOB-write in convert_to_s334_1a"
},
{
"cve": "CVE-2024-47540",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"discovery_date": "2024-12-11T19:00:50.751428+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331719"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Matroska/WebM demuxer in the GStreamer library. Processing a specially crafted input file can cause the usage of uninitialized stack memory, allowing calls to uninitialized function pointers, potentially resulting in code execution or an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into opening or processing a specially crafted file with the Matroska/WebM demuxer. However, this issue still has an Important severity as it allows an attacker hijack the execution flow of the application, potentially resulting in unexpected behavior, including arbitrary code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47540"
},
{
"category": "external",
"summary": "RHBZ#2331719",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331719"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47540"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47540"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0017.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0017.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/"
}
],
"release_date": "2024-12-11T18:54:04.383000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-18T02:24:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11148"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the Matroska/WebM demuxer and monitor application crashes as this may indicate exploitation attempts.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer"
},
{
"cve": "CVE-2024-47606",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2024-12-11T20:02:25.247273+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331760"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the MP4/MOV demuxer and memory allocator in the GStreamer library. Processing a specially crafted input file can cause an integer overflow in the qtdemux_parse_theora_extension function. This issue leads to a small amount of memory being allocated to store a large input size, resulting in an out-of-bounds write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into opening or processing a specially crafted .mov file. However, this issue still has an Important severity as it allows an attacker to trigger an out-of-bounds write to memory allocated in the heap, overwriting critical memory regions, potentially resulting in unexpected behavior, including arbitrary code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47606"
},
{
"category": "external",
"summary": "RHBZ#2331760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331760"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47606"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0014.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0014.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer/"
}
],
"release_date": "2024-12-11T19:12:40.186000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-18T02:24:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11148"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the MP4/MOV demuxer and monitor application crashes as this may indicate exploitation attempts.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes"
},
{
"cve": "CVE-2024-47613",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2024-12-11T20:01:56.201771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331753"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the gdk-pixbuf decoder in the GStreamer library. Processing a specially crafted input file can cause a NULL pointer dereference due to an unchecked return value, resulting in an application crash and a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into opening or processing a specially crafted file with the gdk-pixbuf decoder. As user interaction is required to trigger is issue and the impact is limited to an application crash, this flaw has been rated with a Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47613"
},
{
"category": "external",
"summary": "RHBZ#2331753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331753"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47613",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47613"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47613",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47613"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0025.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0025.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"
}
],
"release_date": "2024-12-11T19:14:02.436000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-18T02:24:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11148"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the gdk-pixbuf decoder and monitor application crashes as this may indicate exploitation attempts.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debuginfo-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-debugsource-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-0:1.16.1-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.i686",
"AppStream-8.2.0.Z.AUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-2.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…