Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-47540 (GCVE-0-2024-47540)
Vulnerability from cvelistv5 – Published: 2024-12-11 18:54 – Updated: 2025-11-03 20:39
VLAI
EPSS
Title
GHSL-2024-197: GStreamer uses uninitialized stack memory in Matroska/WebM demuxer
Summary
GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem->allocator->mem_unmap_full or mem->allocator->mem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10.
Severity
CWE
- CWE-457 - Use of Uninitialized Variable
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://securitylab.github.com/advisories/GHSL-20… | x_refsource_CONFIRM |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | x_refsource_MISC |
| https://gstreamer.freedesktop.org/security/sa-202… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47540",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T14:34:42.237926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T14:34:59.985Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:39:37.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gstreamer",
"vendor": "gstreamer",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size \u003c 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem-\u003eallocator-\u003emem_unmap_full or mem-\u003eallocator-\u003emem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457: Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T18:54:04.383Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/"
},
{
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch"
},
{
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0017.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0017.html"
}
],
"source": {
"advisory": "GHSA-7r72-m3fh-rrfh",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-197: GStreamer uses uninitialized stack memory in Matroska/WebM demuxer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47540",
"datePublished": "2024-12-11T18:54:04.383Z",
"dateReserved": "2024-09-25T21:46:10.930Z",
"dateUpdated": "2025-11-03T20:39:37.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-47540",
"date": "2026-05-26",
"epss": "0.01342",
"percentile": "0.80248"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.24.10\", \"matchCriteriaId\": \"82BF8403-8CE2-4AFC-865F-FD40A77D20E0\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size \u003c 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem-\u003eallocator-\u003emem_unmap_full or mem-\u003eallocator-\u003emem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10.\"}, {\"lang\": \"es\", \"value\": \"GStreamer es una librer\\u00eda para construir gr\\u00e1ficos de componentes de manejo de medios. Se ha identificado una vulnerabilidad de variable de pila no inicializada en la funci\\u00f3n gst_matroska_demux_add_wvpk_header dentro de matroska-demux.c. Cuando size \u0026lt; 4, el programa llama a gst_buffer_unmap con una variable de mapa no inicializada. Luego, en la funci\\u00f3n gst_memory_unmap, el programa intentar\\u00e1 desasignar el b\\u00fafer utilizando la variable de mapa no inicializada, lo que provocar\\u00e1 un secuestro del puntero de funci\\u00f3n, ya que saltar\\u00e1 a mem-\u0026gt;allocator-\u0026gt;mem_unmap_full o mem-\u0026gt;allocator-\u0026gt;mem_unmap. Esta vulnerabilidad podr\\u00eda permitir que un atacante secuestre el flujo de ejecuci\\u00f3n, lo que podr\\u00eda provocar la ejecuci\\u00f3n del c\\u00f3digo. Esta vulnerabilidad se corrigi\\u00f3 en 1.24.10.\"}]",
"id": "CVE-2024-47540",
"lastModified": "2024-12-18T21:53:53.963",
"metrics": "{\"cvssMetricV40\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 8.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"HIGH\", \"vulnerableSystemIntegrity\": \"HIGH\", \"vulnerableSystemAvailability\": \"HIGH\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}], \"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2024-12-12T02:03:28.343",
"references": "[{\"url\": \"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://gstreamer.freedesktop.org/security/sa-2024-0017.html\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-457\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-908\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-47540\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-12-12T02:03:28.343\",\"lastModified\":\"2026-03-17T15:52:33.870\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size \u003c 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem-\u003eallocator-\u003emem_unmap_full or mem-\u003eallocator-\u003emem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10.\"},{\"lang\":\"es\",\"value\":\"GStreamer es una librer\u00eda para construir gr\u00e1ficos de componentes de manejo de medios. Se ha identificado una vulnerabilidad de variable de pila no inicializada en la funci\u00f3n gst_matroska_demux_add_wvpk_header dentro de matroska-demux.c. Cuando size \u0026lt; 4, el programa llama a gst_buffer_unmap con una variable de mapa no inicializada. Luego, en la funci\u00f3n gst_memory_unmap, el programa intentar\u00e1 desasignar el b\u00fafer utilizando la variable de mapa no inicializada, lo que provocar\u00e1 un secuestro del puntero de funci\u00f3n, ya que saltar\u00e1 a mem-\u0026gt;allocator-\u0026gt;mem_unmap_full o mem-\u0026gt;allocator-\u0026gt;mem_unmap. Esta vulnerabilidad podr\u00eda permitir que un atacante secuestre el flujo de ejecuci\u00f3n, lo que podr\u00eda provocar la ejecuci\u00f3n del c\u00f3digo. Esta vulnerabilidad se corrigi\u00f3 en 1.24.10.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-457\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-908\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.24.10\",\"matchCriteriaId\":\"1B92A50A-2A86-49C9-9E3E-CE01EBC1987B\"}]}]}],\"references\":[{\"url\":\"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://gstreamer.freedesktop.org/security/sa-2024-0017.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-47540\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-12T14:34:42.237926Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-12T14:34:55.230Z\"}}], \"cna\": {\"title\": \"GHSL-2024-197: GStreamer uses uninitialized stack memory in Matroska/WebM demuxer\", \"source\": {\"advisory\": \"GHSA-7r72-m3fh-rrfh\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.6, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"gstreamer\", \"product\": \"gstreamer\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.24.10\"}]}], \"references\": [{\"url\": \"https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/\", \"name\": \"https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch\", \"name\": \"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://gstreamer.freedesktop.org/security/sa-2024-0017.html\", \"name\": \"https://gstreamer.freedesktop.org/security/sa-2024-0017.html\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size \u003c 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem-\u003eallocator-\u003emem_unmap_full or mem-\u003eallocator-\u003emem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-457\", \"description\": \"CWE-457: Use of Uninitialized Variable\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-12-11T18:54:04.383Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-47540\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-12T14:34:59.985Z\", \"dateReserved\": \"2024-09-25T21:46:10.930Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-12-11T18:54:04.383Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2025-AVI-0661
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "AppDynamics Cluster Agent versions ant\u00e9rieures \u00e0 25.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": " AppDynamics On-Premise Enterprise Console versions ant\u00e9rieures \u00e0 25.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2022-48564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
},
{
"name": "CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2025-21500",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21500"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2025-21503",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21503"
},
{
"name": "CVE-2025-21543",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21543"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2024-47601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47601"
},
{
"name": "CVE-2025-21519",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21519"
},
{
"name": "CVE-2024-47544",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47544"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2024-47538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47538"
},
{
"name": "CVE-2024-47545",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47545"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2022-38398",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38398"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2025-21505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21505"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2024-4761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4761"
},
{
"name": "CVE-2025-21501",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21501"
},
{
"name": "CVE-2024-47596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47596"
},
{
"name": "CVE-2022-48285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48285"
},
{
"name": "CVE-2019-9674",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9674"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2020-10650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2018-3824",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3824"
},
{
"name": "CVE-2024-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7246"
},
{
"name": "CVE-2024-47602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47602"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-47541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47541"
},
{
"name": "CVE-2024-47774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47774"
},
{
"name": "CVE-2023-50186",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50186"
},
{
"name": "CVE-2024-47599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47599"
},
{
"name": "CVE-2024-47606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47606"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2024-47540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47540"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2023-0833",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0833"
},
{
"name": "CVE-2024-47542",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47542"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2025-21531",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21531"
},
{
"name": "CVE-2023-35116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
},
{
"name": "CVE-2025-21555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21555"
},
{
"name": "CVE-2024-47546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47546"
},
{
"name": "CVE-2024-47607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47607"
},
{
"name": "CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2025-27888",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27888"
},
{
"name": "CVE-2024-47537",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47537"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2024-52979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52979"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2023-6992",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6992"
},
{
"name": "CVE-2025-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21540"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2024-47778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47778"
},
{
"name": "CVE-2022-24823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24823"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2021-37136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
},
{
"name": "CVE-2018-12022",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2024-47777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47777"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"name": "CVE-2021-4189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4189"
},
{
"name": "CVE-2024-47543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47543"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2024-47600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47600"
},
{
"name": "CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
},
{
"name": "CVE-2021-43797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2025-21490",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21490"
},
{
"name": "CVE-2024-47835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47835"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2024-47597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47597"
},
{
"name": "CVE-2025-21520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21520"
},
{
"name": "CVE-2024-47539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47539"
},
{
"name": "CVE-2021-23413",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23413"
},
{
"name": "CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"name": "CVE-2022-4899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4899"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2022-40146",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40146"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2022-42890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42890"
},
{
"name": "CVE-2019-10172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
},
{
"name": "CVE-2025-21491",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21491"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2021-42550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42550"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2024-47598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47598"
},
{
"name": "CVE-2024-47603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47603"
},
{
"name": "CVE-2022-38648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38648"
},
{
"name": "CVE-2025-21529",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21529"
},
{
"name": "CVE-2025-21559",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21559"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2025-21523",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21523"
},
{
"name": "CVE-2025-21518",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21518"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2024-47615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47615"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2025-21497",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21497"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2024-47776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47776"
},
{
"name": "CVE-2024-47834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47834"
},
{
"name": "CVE-2024-47775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47775"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2025-21522",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21522"
},
{
"name": "CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"name": "CVE-2025-21546",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21546"
},
{
"name": "CVE-2024-51504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"name": "CVE-2022-41704",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41704"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0661",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2025-08-06",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0802",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0802"
},
{
"published_at": "2025-08-06",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0801",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0801"
}
]
}
CERTFR-2025-AVI-0661
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "AppDynamics Cluster Agent versions ant\u00e9rieures \u00e0 25.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": " AppDynamics On-Premise Enterprise Console versions ant\u00e9rieures \u00e0 25.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2022-48564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
},
{
"name": "CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2025-21500",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21500"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2025-21503",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21503"
},
{
"name": "CVE-2025-21543",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21543"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2024-47601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47601"
},
{
"name": "CVE-2025-21519",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21519"
},
{
"name": "CVE-2024-47544",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47544"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2024-47538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47538"
},
{
"name": "CVE-2024-47545",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47545"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2022-38398",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38398"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2025-21505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21505"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2024-4761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4761"
},
{
"name": "CVE-2025-21501",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21501"
},
{
"name": "CVE-2024-47596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47596"
},
{
"name": "CVE-2022-48285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48285"
},
{
"name": "CVE-2019-9674",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9674"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2020-10650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2018-3824",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3824"
},
{
"name": "CVE-2024-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7246"
},
{
"name": "CVE-2024-47602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47602"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-47541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47541"
},
{
"name": "CVE-2024-47774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47774"
},
{
"name": "CVE-2023-50186",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50186"
},
{
"name": "CVE-2024-47599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47599"
},
{
"name": "CVE-2024-47606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47606"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2024-47540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47540"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2023-0833",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0833"
},
{
"name": "CVE-2024-47542",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47542"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2025-21531",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21531"
},
{
"name": "CVE-2023-35116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
},
{
"name": "CVE-2025-21555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21555"
},
{
"name": "CVE-2024-47546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47546"
},
{
"name": "CVE-2024-47607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47607"
},
{
"name": "CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2025-27888",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27888"
},
{
"name": "CVE-2024-47537",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47537"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2024-52979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52979"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2023-6992",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6992"
},
{
"name": "CVE-2025-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21540"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2024-47778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47778"
},
{
"name": "CVE-2022-24823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24823"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2021-37136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
},
{
"name": "CVE-2018-12022",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2024-47777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47777"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"name": "CVE-2021-4189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4189"
},
{
"name": "CVE-2024-47543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47543"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2024-47600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47600"
},
{
"name": "CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
},
{
"name": "CVE-2021-43797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2025-21490",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21490"
},
{
"name": "CVE-2024-47835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47835"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2024-47597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47597"
},
{
"name": "CVE-2025-21520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21520"
},
{
"name": "CVE-2024-47539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47539"
},
{
"name": "CVE-2021-23413",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23413"
},
{
"name": "CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"name": "CVE-2022-4899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4899"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2022-40146",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40146"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2022-42890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42890"
},
{
"name": "CVE-2019-10172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
},
{
"name": "CVE-2025-21491",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21491"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2021-42550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42550"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2024-47598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47598"
},
{
"name": "CVE-2024-47603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47603"
},
{
"name": "CVE-2022-38648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38648"
},
{
"name": "CVE-2025-21529",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21529"
},
{
"name": "CVE-2025-21559",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21559"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2025-21523",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21523"
},
{
"name": "CVE-2025-21518",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21518"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2024-47615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47615"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2025-21497",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21497"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2024-47776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47776"
},
{
"name": "CVE-2024-47834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47834"
},
{
"name": "CVE-2024-47775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47775"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2025-21522",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21522"
},
{
"name": "CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"name": "CVE-2025-21546",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21546"
},
{
"name": "CVE-2024-51504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"name": "CVE-2022-41704",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41704"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0661",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2025-08-06",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0802",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0802"
},
{
"published_at": "2025-08-06",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0801",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0801"
}
]
}
alsa-2024:11122
Vulnerability from osv_almalinux
Published
2024-12-16 00:00
Modified
2024-12-23 08:18
Summary
Important: gstreamer1-plugins-good security update
Details
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.
Security Fix(es):
- gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)
- gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)
- gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)
- gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)
- gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "gstreamer1-plugins-good"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.22.1-3.el9_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "gstreamer1-plugins-good-gtk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.22.1-3.el9_5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. \n\nSecurity Fix(es): \n\n * gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)\n * gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)\n * gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)\n * gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)\n * gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2024:11122",
"modified": "2024-12-23T08:18:58Z",
"published": "2024-12-16T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:11122"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47537"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47539"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47540"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47606"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47613"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331719"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331722"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331726"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331753"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331760"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2024-11122.html"
}
],
"related": [
"CVE-2024-47540",
"CVE-2024-47537",
"CVE-2024-47539",
"CVE-2024-47613",
"CVE-2024-47606"
],
"summary": "Important: gstreamer1-plugins-good security update"
}
alsa-2024:11299
Vulnerability from osv_almalinux
Published
2024-12-17 00:00
Modified
2024-12-18 12:41
Summary
Important: gstreamer1-plugins-good security update
Details
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.
Security Fix(es):
- gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)
- gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)
- gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)
- gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)
- gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gstreamer1-plugins-good"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.1-5.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gstreamer1-plugins-good-gtk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.1-5.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. \n\nSecurity Fix(es): \n\n * gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)\n * gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)\n * gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)\n * gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)\n * gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2024:11299",
"modified": "2024-12-18T12:41:06Z",
"published": "2024-12-17T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:11299"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47537"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47539"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47540"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47606"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47613"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331719"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331722"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331726"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331753"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2331760"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2024-11299.html"
}
],
"related": [
"CVE-2024-47540",
"CVE-2024-47537",
"CVE-2024-47539",
"CVE-2024-47613",
"CVE-2024-47606"
],
"summary": "Important: gstreamer1-plugins-good security update"
}
BDU:2024-11292
Vulnerability from fstec - Published: 30.09.2024
VLAI
Title
Уязвимость функции gst_matroska_demux_add_wvpk_header мультимедийного фреймворка Gstreamer, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Description
Уязвимость функции gst_matroska_demux_add_wvpk_header связана с использованием неинициализированной переменной. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Vendor
Red Hat Inc., Сообщество свободного программного обеспечения, ООО «Ред Софт», ООО «РусБИТех-Астра», Сообщество GStreamer, АО "НППКТ", ООО «НЦПР», ООО «Открытая мобильная платформа»
Software Name
Red Hat Enterprise Linux, Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), Gstreamer, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), МСВСфера, ОС Аврора (запись в едином реестре российских программ №1543)
Software Version
7 (Red Hat Enterprise Linux), 8 (Red Hat Enterprise Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 9 (Red Hat Enterprise Linux), 1.8 (Astra Linux Special Edition), до 1.24.10 (Gstreamer), до 2.13 (ОСОН ОСнова Оnyx), 9.5 (МСВСфера), до 5.1.5 включительно (ОС Аврора)
Possible Mitigations
В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года.
Использование рекомендаций:
Для GStreamer:
https://gstreamer.freedesktop.org/security/sa-2024-0017.html
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2024-47540
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2024-47540
Для РЕД ОС:
https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-gstreamer1-plugins-good/?sphrase_id=641091
Обновление программного обеспечения gst-plugins-good1.0 до версии 1.18.4-2+deb11u3
Для ОС Astra Linux:
обновить пакет gst-plugins-good1.0 до 1.22.1-1ubuntu1.2astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18
Для МСВСфера: https://errata.msvsphere-os.ru/definition/9/INFCSA-2024:11122?lang=ru
Для ОС Astra Linux:
обновить пакет gst-plugins-good1.0 до 1.18.4-1astra4 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17
Для ОС Astra Linux:
обновить пакет gst-plugins-good1.0 до 1.18.4-1astra4 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE47
Для ОС Аврора: https://cve.omp.ru/bb30515
Reference
https://security-tracker.debian.org/tracker/CVE-2024-47540
https://access.redhat.com/security/cve/cve-2024-47540
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch
https://gstreamer.freedesktop.org/security/sa-2024-0017.html
https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/
https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-gstreamer1-plugins-good/?sphrase_id=641091
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.13/
https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18
https://errata.msvsphere-os.ru/definition/9/INFCSA-2024:11122?lang=ru
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE86
https://cve.omp.ru/bb30515
CWE
CWE-457
{
"CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": "AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e GStreamer, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u041e\u041e\u041e \u00ab\u041d\u0426\u041f\u0420\u00bb, \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 8 (Red Hat Enterprise Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 9 (Red Hat Enterprise Linux), 1.8 (Astra Linux Special Edition), \u0434\u043e 1.24.10 (Gstreamer), \u0434\u043e 2.13 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), 9.5 (\u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430), \u0434\u043e 5.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (\u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f GStreamer:\nhttps://gstreamer.freedesktop.org/security/sa-2024-0017.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2024-47540\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2024-47540\n\n\u0414\u043b\u044f \u0420\u0415\u0414 \u041e\u0421:\nhttps://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-gstreamer1-plugins-good/?sphrase_id=641091\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f gst-plugins-good1.0 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.18.4-2+deb11u3\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 gst-plugins-good1.0 \u0434\u043e 1.22.1-1ubuntu1.2astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18\n\n\u0414\u043b\u044f \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430: https://errata.msvsphere-os.ru/definition/9/INFCSA-2024:11122?lang=ru\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 gst-plugins-good1.0 \u0434\u043e 1.18.4-1astra4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 gst-plugins-good1.0 \u0434\u043e 1.18.4-1astra4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE47\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430: https://cve.omp.ru/bb30515",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "30.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.01.2026",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "19.12.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-11292",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-47540",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Gstreamer, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430, \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.8 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.13 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u041e\u041e \u00ab\u041d\u0426\u041f\u0420\u00bb \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430 9.5 , \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 \u0434\u043e 5.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 gst_matroska_demux_add_wvpk_header \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0439\u043d\u043e\u0433\u043e \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0430 Gstreamer, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043d\u0435\u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0439 (CWE-457)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 gst_matroska_demux_add_wvpk_header \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043d\u0435\u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://security-tracker.debian.org/tracker/CVE-2024-47540\nhttps://access.redhat.com/security/cve/cve-2024-47540\nhttps://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch\t\nhttps://gstreamer.freedesktop.org/security/sa-2024-0017.html\t\nhttps://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/\nhttps://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-gstreamer1-plugins-good/?sphrase_id=641091\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.13/\nhttps://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18\nhttps://errata.msvsphere-os.ru/definition/9/INFCSA-2024:11122?lang=ru\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE86\nhttps://cve.omp.ru/bb30515",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-457",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,2)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,4)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,6)"
}
FKIE_CVE-2024-47540
Vulnerability from fkie_nvd - Published: 2024-12-12 02:03 - Updated: 2026-03-17 15:52
Severity
Summary
GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem->allocator->mem_unmap_full or mem->allocator->mem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch | Patch | |
| security-advisories@github.com | https://gstreamer.freedesktop.org/security/sa-2024-0017.html | Release Notes | |
| security-advisories@github.com | https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B92A50A-2A86-49C9-9E3E-CE01EBC1987B",
"versionEndExcluding": "1.24.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size \u003c 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem-\u003eallocator-\u003emem_unmap_full or mem-\u003eallocator-\u003emem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10."
},
{
"lang": "es",
"value": "GStreamer es una librer\u00eda para construir gr\u00e1ficos de componentes de manejo de medios. Se ha identificado una vulnerabilidad de variable de pila no inicializada en la funci\u00f3n gst_matroska_demux_add_wvpk_header dentro de matroska-demux.c. Cuando size \u0026lt; 4, el programa llama a gst_buffer_unmap con una variable de mapa no inicializada. Luego, en la funci\u00f3n gst_memory_unmap, el programa intentar\u00e1 desasignar el b\u00fafer utilizando la variable de mapa no inicializada, lo que provocar\u00e1 un secuestro del puntero de funci\u00f3n, ya que saltar\u00e1 a mem-\u0026gt;allocator-\u0026gt;mem_unmap_full o mem-\u0026gt;allocator-\u0026gt;mem_unmap. Esta vulnerabilidad podr\u00eda permitir que un atacante secuestre el flujo de ejecuci\u00f3n, lo que podr\u00eda provocar la ejecuci\u00f3n del c\u00f3digo. Esta vulnerabilidad se corrigi\u00f3 en 1.24.10."
}
],
"id": "CVE-2024-47540",
"lastModified": "2026-03-17T15:52:33.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-12-12T02:03:28.343",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0017.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-457"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
OPENSUSE-SU-2025:14699-1
Vulnerability from csaf_opensuse - Published: 2025-01-27 00:00 - Updated: 2025-01-27 00:00Summary
gstreamer-plugins-good-1.24.11-2.1 on GA media
Severity
Moderate
Notes
Title of the patch: gstreamer-plugins-good-1.24.11-2.1 on GA media
Description of the patch: These are all security issues fixed in the gstreamer-plugins-good-1.24.11-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-14699
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-1.24.11-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.11-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.11-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.11-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.11-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.11-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.11-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.11-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.11-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.11-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.11-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.11-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.11-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "gstreamer-plugins-good-1.24.11-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the gstreamer-plugins-good-1.24.11-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14699",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14699-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47540 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47540/"
}
],
"title": "gstreamer-plugins-good-1.24.11-2.1 on GA media",
"tracking": {
"current_release_date": "2025-01-27T00:00:00Z",
"generator": {
"date": "2025-01-27T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14699-1",
"initial_release_date": "2025-01-27T00:00:00Z",
"revision_history": [
{
"date": "2025-01-27T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gstreamer-plugins-good-1.24.11-2.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-1.24.11-2.1.aarch64",
"product_id": "gstreamer-plugins-good-1.24.11-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-32bit-1.24.11-2.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-32bit-1.24.11-2.1.aarch64",
"product_id": "gstreamer-plugins-good-32bit-1.24.11-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-1.24.11-2.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-extra-1.24.11-2.1.aarch64",
"product_id": "gstreamer-plugins-good-extra-1.24.11-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-32bit-1.24.11-2.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-extra-32bit-1.24.11-2.1.aarch64",
"product_id": "gstreamer-plugins-good-extra-32bit-1.24.11-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-gtk-1.24.11-2.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-gtk-1.24.11-2.1.aarch64",
"product_id": "gstreamer-plugins-good-gtk-1.24.11-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-jack-1.24.11-2.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-jack-1.24.11-2.1.aarch64",
"product_id": "gstreamer-plugins-good-jack-1.24.11-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-jack-32bit-1.24.11-2.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-jack-32bit-1.24.11-2.1.aarch64",
"product_id": "gstreamer-plugins-good-jack-32bit-1.24.11-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-lang-1.24.11-2.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-lang-1.24.11-2.1.aarch64",
"product_id": "gstreamer-plugins-good-lang-1.24.11-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-qtqml-1.24.11-2.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-qtqml-1.24.11-2.1.aarch64",
"product_id": "gstreamer-plugins-good-qtqml-1.24.11-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-qtqml6-1.24.11-2.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-qtqml6-1.24.11-2.1.aarch64",
"product_id": "gstreamer-plugins-good-qtqml6-1.24.11-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer-plugins-good-1.24.11-2.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-1.24.11-2.1.ppc64le",
"product_id": "gstreamer-plugins-good-1.24.11-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-32bit-1.24.11-2.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-32bit-1.24.11-2.1.ppc64le",
"product_id": "gstreamer-plugins-good-32bit-1.24.11-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-1.24.11-2.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-extra-1.24.11-2.1.ppc64le",
"product_id": "gstreamer-plugins-good-extra-1.24.11-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-32bit-1.24.11-2.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-extra-32bit-1.24.11-2.1.ppc64le",
"product_id": "gstreamer-plugins-good-extra-32bit-1.24.11-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-gtk-1.24.11-2.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-gtk-1.24.11-2.1.ppc64le",
"product_id": "gstreamer-plugins-good-gtk-1.24.11-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-jack-1.24.11-2.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-jack-1.24.11-2.1.ppc64le",
"product_id": "gstreamer-plugins-good-jack-1.24.11-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-jack-32bit-1.24.11-2.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-jack-32bit-1.24.11-2.1.ppc64le",
"product_id": "gstreamer-plugins-good-jack-32bit-1.24.11-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-lang-1.24.11-2.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-lang-1.24.11-2.1.ppc64le",
"product_id": "gstreamer-plugins-good-lang-1.24.11-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-qtqml-1.24.11-2.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-qtqml-1.24.11-2.1.ppc64le",
"product_id": "gstreamer-plugins-good-qtqml-1.24.11-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-qtqml6-1.24.11-2.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-qtqml6-1.24.11-2.1.ppc64le",
"product_id": "gstreamer-plugins-good-qtqml6-1.24.11-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer-plugins-good-1.24.11-2.1.s390x",
"product": {
"name": "gstreamer-plugins-good-1.24.11-2.1.s390x",
"product_id": "gstreamer-plugins-good-1.24.11-2.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-32bit-1.24.11-2.1.s390x",
"product": {
"name": "gstreamer-plugins-good-32bit-1.24.11-2.1.s390x",
"product_id": "gstreamer-plugins-good-32bit-1.24.11-2.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-1.24.11-2.1.s390x",
"product": {
"name": "gstreamer-plugins-good-extra-1.24.11-2.1.s390x",
"product_id": "gstreamer-plugins-good-extra-1.24.11-2.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-32bit-1.24.11-2.1.s390x",
"product": {
"name": "gstreamer-plugins-good-extra-32bit-1.24.11-2.1.s390x",
"product_id": "gstreamer-plugins-good-extra-32bit-1.24.11-2.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-gtk-1.24.11-2.1.s390x",
"product": {
"name": "gstreamer-plugins-good-gtk-1.24.11-2.1.s390x",
"product_id": "gstreamer-plugins-good-gtk-1.24.11-2.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-jack-1.24.11-2.1.s390x",
"product": {
"name": "gstreamer-plugins-good-jack-1.24.11-2.1.s390x",
"product_id": "gstreamer-plugins-good-jack-1.24.11-2.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-jack-32bit-1.24.11-2.1.s390x",
"product": {
"name": "gstreamer-plugins-good-jack-32bit-1.24.11-2.1.s390x",
"product_id": "gstreamer-plugins-good-jack-32bit-1.24.11-2.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-lang-1.24.11-2.1.s390x",
"product": {
"name": "gstreamer-plugins-good-lang-1.24.11-2.1.s390x",
"product_id": "gstreamer-plugins-good-lang-1.24.11-2.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-qtqml-1.24.11-2.1.s390x",
"product": {
"name": "gstreamer-plugins-good-qtqml-1.24.11-2.1.s390x",
"product_id": "gstreamer-plugins-good-qtqml-1.24.11-2.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-qtqml6-1.24.11-2.1.s390x",
"product": {
"name": "gstreamer-plugins-good-qtqml6-1.24.11-2.1.s390x",
"product_id": "gstreamer-plugins-good-qtqml6-1.24.11-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer-plugins-good-1.24.11-2.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-1.24.11-2.1.x86_64",
"product_id": "gstreamer-plugins-good-1.24.11-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-32bit-1.24.11-2.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-32bit-1.24.11-2.1.x86_64",
"product_id": "gstreamer-plugins-good-32bit-1.24.11-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-1.24.11-2.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-extra-1.24.11-2.1.x86_64",
"product_id": "gstreamer-plugins-good-extra-1.24.11-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-32bit-1.24.11-2.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-extra-32bit-1.24.11-2.1.x86_64",
"product_id": "gstreamer-plugins-good-extra-32bit-1.24.11-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-gtk-1.24.11-2.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-gtk-1.24.11-2.1.x86_64",
"product_id": "gstreamer-plugins-good-gtk-1.24.11-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-jack-1.24.11-2.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-jack-1.24.11-2.1.x86_64",
"product_id": "gstreamer-plugins-good-jack-1.24.11-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-jack-32bit-1.24.11-2.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-jack-32bit-1.24.11-2.1.x86_64",
"product_id": "gstreamer-plugins-good-jack-32bit-1.24.11-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-lang-1.24.11-2.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-lang-1.24.11-2.1.x86_64",
"product_id": "gstreamer-plugins-good-lang-1.24.11-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-qtqml-1.24.11-2.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-qtqml-1.24.11-2.1.x86_64",
"product_id": "gstreamer-plugins-good-qtqml-1.24.11-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-qtqml6-1.24.11-2.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-qtqml6-1.24.11-2.1.x86_64",
"product_id": "gstreamer-plugins-good-qtqml6-1.24.11-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-1.24.11-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-1.24.11-2.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-1.24.11-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-1.24.11-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-1.24.11-2.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-1.24.11-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-1.24.11-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-1.24.11-2.1.s390x"
},
"product_reference": "gstreamer-plugins-good-1.24.11-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-1.24.11-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-1.24.11-2.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-1.24.11-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-32bit-1.24.11-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.11-2.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-32bit-1.24.11-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-32bit-1.24.11-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.11-2.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-32bit-1.24.11-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-32bit-1.24.11-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.11-2.1.s390x"
},
"product_reference": "gstreamer-plugins-good-32bit-1.24.11-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-32bit-1.24.11-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.11-2.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-32bit-1.24.11-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-extra-1.24.11-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.11-2.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-extra-1.24.11-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-extra-1.24.11-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.11-2.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-extra-1.24.11-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-extra-1.24.11-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.11-2.1.s390x"
},
"product_reference": "gstreamer-plugins-good-extra-1.24.11-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-extra-1.24.11-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.11-2.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-extra-1.24.11-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-extra-32bit-1.24.11-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.11-2.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-extra-32bit-1.24.11-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-extra-32bit-1.24.11-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.11-2.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-extra-32bit-1.24.11-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-extra-32bit-1.24.11-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.11-2.1.s390x"
},
"product_reference": "gstreamer-plugins-good-extra-32bit-1.24.11-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-extra-32bit-1.24.11-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.11-2.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-extra-32bit-1.24.11-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-gtk-1.24.11-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.11-2.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-gtk-1.24.11-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-gtk-1.24.11-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.11-2.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-gtk-1.24.11-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-gtk-1.24.11-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.11-2.1.s390x"
},
"product_reference": "gstreamer-plugins-good-gtk-1.24.11-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-gtk-1.24.11-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.11-2.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-gtk-1.24.11-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-jack-1.24.11-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.11-2.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-jack-1.24.11-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-jack-1.24.11-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.11-2.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-jack-1.24.11-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-jack-1.24.11-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.11-2.1.s390x"
},
"product_reference": "gstreamer-plugins-good-jack-1.24.11-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-jack-1.24.11-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.11-2.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-jack-1.24.11-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-jack-32bit-1.24.11-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.11-2.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-jack-32bit-1.24.11-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-jack-32bit-1.24.11-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.11-2.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-jack-32bit-1.24.11-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-jack-32bit-1.24.11-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.11-2.1.s390x"
},
"product_reference": "gstreamer-plugins-good-jack-32bit-1.24.11-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-jack-32bit-1.24.11-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.11-2.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-jack-32bit-1.24.11-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-lang-1.24.11-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.11-2.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-lang-1.24.11-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-lang-1.24.11-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.11-2.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-lang-1.24.11-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-lang-1.24.11-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.11-2.1.s390x"
},
"product_reference": "gstreamer-plugins-good-lang-1.24.11-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-lang-1.24.11-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.11-2.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-lang-1.24.11-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-qtqml-1.24.11-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.11-2.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-qtqml-1.24.11-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-qtqml-1.24.11-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.11-2.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-qtqml-1.24.11-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-qtqml-1.24.11-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.11-2.1.s390x"
},
"product_reference": "gstreamer-plugins-good-qtqml-1.24.11-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-qtqml-1.24.11-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.11-2.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-qtqml-1.24.11-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-qtqml6-1.24.11-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.11-2.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-qtqml6-1.24.11-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-qtqml6-1.24.11-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.11-2.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-qtqml6-1.24.11-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-qtqml6-1.24.11-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.11-2.1.s390x"
},
"product_reference": "gstreamer-plugins-good-qtqml6-1.24.11-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-qtqml6-1.24.11-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.11-2.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-qtqml6-1.24.11-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47540"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size \u003c 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem-\u003eallocator-\u003emem_unmap_full or mem-\u003eallocator-\u003emem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47540",
"url": "https://www.suse.com/security/cve/CVE-2024-47540"
},
{
"category": "external",
"summary": "SUSE Bug 1234421 for CVE-2024-47540",
"url": "https://bugzilla.suse.com/1234421"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.11-2.1.x86_64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.11-2.1.aarch64",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.11-2.1.ppc64le",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.11-2.1.s390x",
"openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-27T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-47540"
}
]
}
RHSA-2024:11119
Vulnerability from csaf_redhat - Published: 2024-12-16 16:08 - Updated: 2026-03-19 17:24Summary
Red Hat Security Advisory: gstreamer1-plugins-good security update
Severity
Important
Notes
Topic: An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.
Security Fix(es):
* gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)
* gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)
* gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)
* gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)
* gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the GStreamer library. An integer overflow in the MP4/MOV demuxer's sample table parser can lead to out-of-bounds writes and NULL-pointer dereferences for certain input files. This vulnerability allows a malicious third party to trigger an application crash and, in the case of out-of-bounds writes, possibly allow code execution through heap manipulation.
8.4 (High)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the GStreamer library. An out-of-bounds write in the MP4/MOV demuxer when handling CEA608 Closed Caption tracks can lead to crashes for certain input files. This vulnerability allows a malicious third party to trigger a crash of the application and perform code execution through heap manipulation.
9.8 (Critical)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the Matroska/WebM demuxer in the GStreamer library. Processing a specially crafted input file can cause the usage of uninitialized stack memory, allowing calls to uninitialized function pointers, potentially resulting in code execution or an application crash.
8.8 (High)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the MP4/MOV demuxer and memory allocator in the GStreamer library. Processing a specially crafted input file can cause an integer overflow in the qtdemux_parse_theora_extension function. This issue leads to a small amount of memory being allocated to store a large input size, resulting in an out-of-bounds write.
8.8 (High)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the gdk-pixbuf decoder in the GStreamer library. Processing a specially crafted input file can cause a NULL pointer dereference due to an unchecked return value, resulting in an application crash and a denial of service.
6.5 (Medium)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
42 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2024:11119 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331719 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331722 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331726 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331753 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331760 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2024-47537 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331722 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47537 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47537 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47539 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331726 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47539 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47539 | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47540 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331719 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47540 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47540 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47606 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331760 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47606 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47606 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47613 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331753 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47613 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47613 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.\n\nSecurity Fix(es):\n\n* gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)\n\n* gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)\n\n* gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)\n\n* gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)\n\n* gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:11119",
"url": "https://access.redhat.com/errata/RHSA-2024:11119"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2331719",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331719"
},
{
"category": "external",
"summary": "2331722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331722"
},
{
"category": "external",
"summary": "2331726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331726"
},
{
"category": "external",
"summary": "2331753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331753"
},
{
"category": "external",
"summary": "2331760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331760"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_11119.json"
}
],
"title": "Red Hat Security Advisory: gstreamer1-plugins-good security update",
"tracking": {
"current_release_date": "2026-03-19T17:24:35+00:00",
"generator": {
"date": "2026-03-19T17:24:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2024:11119",
"initial_release_date": "2024-12-16T16:08:29+00:00",
"revision_history": [
{
"date": "2024-12-16T16:08:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-12-16T16:08:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-19T17:24:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"product": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"product_id": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.18.4-7.el9_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"product": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"product_id": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.18.4-7.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"product_id": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.18.4-7.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.18.4-7.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.18.4-7.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.18.4-7.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.18.4-7.el9_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"product_id": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.18.4-7.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"product_id": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.18.4-7.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.18.4-7.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.18.4-7.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.18.4-7.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.18.4-7.el9_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"product": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"product_id": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.18.4-7.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"product_id": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.18.4-7.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.18.4-7.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.18.4-7.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.18.4-7.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.18.4-7.el9_2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"product": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"product_id": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.18.4-7.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"product_id": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.18.4-7.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.18.4-7.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.18.4-7.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.18.4-7.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.18.4-7.el9_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"product": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"product_id": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.18.4-7.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"product_id": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.18.4-7.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.18.4-7.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.18.4-7.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.18.4-7.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.18.4-7.el9_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64"
},
"product_reference": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686"
},
"product_reference": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x"
},
"product_reference": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src"
},
"product_reference": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64"
},
"product_reference": "gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47537",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-11T19:01:01.738365+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331722"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the GStreamer library. An integer overflow in the MP4/MOV demuxer\u0027s sample table parser can lead to out-of-bounds writes and NULL-pointer dereferences for certain input files. This vulnerability allows a malicious third party to trigger an application crash and, in the case of out-of-bounds writes, possibly allow code execution through heap manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as important severity rather than moderate due to the potential for exploitation leading to arbitrary code execution. The integer overflow during memory allocation results in a mismatch between the allocated memory size and the expected number of elements, causing an out-of-bounds write (OOB-write). Such memory corruption can lead to application crashes, data corruption, or, more critically, allow an attacker to write controlled data outside the allocated buffer. This opens the door to heap-based buffer overflows, which are commonly exploited to overwrite control structures or function pointers, enabling attackers to execute malicious code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47537"
},
{
"category": "external",
"summary": "RHBZ#2331722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331722"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47537",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47537"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47537",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47537"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0005.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0005.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/"
}
],
"release_date": "2024-12-11T18:51:56.158000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:08:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11119"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c"
},
{
"cve": "CVE-2024-47539",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-11T19:01:17.648621+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331726"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the GStreamer library. An out-of-bounds write in the MP4/MOV demuxer when handling CEA608 Closed Caption tracks can lead to crashes for certain input files. This vulnerability allows a malicious third party to trigger a crash of the application and perform code execution through heap manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: OOB-write in convert_to_s334_1a",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability classified as important severity rather than moderate due to its potential for out-of-bounds memory writes, which are highly exploitable in many scenarios. The discrepancy between the memory allocation and loop bounds allows overwriting up to 3 bytes beyond the intended storage array, which could corrupt adjacent memory. Depending on the execution context, this could lead to critical security consequences, such as the alteration of control structures, heap corruption, or stack manipulation, opening paths for arbitrary code execution or escalation of privileges.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47539"
},
{
"category": "external",
"summary": "RHBZ#2331726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47539"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47539",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47539"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0007.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0007.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/"
}
],
"release_date": "2024-12-11T18:53:00.750000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:08:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11119"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: OOB-write in convert_to_s334_1a"
},
{
"cve": "CVE-2024-47540",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"discovery_date": "2024-12-11T19:00:50.751428+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331719"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Matroska/WebM demuxer in the GStreamer library. Processing a specially crafted input file can cause the usage of uninitialized stack memory, allowing calls to uninitialized function pointers, potentially resulting in code execution or an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into opening or processing a specially crafted file with the Matroska/WebM demuxer. However, this issue still has an Important severity as it allows an attacker hijack the execution flow of the application, potentially resulting in unexpected behavior, including arbitrary code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47540"
},
{
"category": "external",
"summary": "RHBZ#2331719",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331719"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47540"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47540"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0017.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0017.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/"
}
],
"release_date": "2024-12-11T18:54:04.383000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:08:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11119"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the Matroska/WebM demuxer and monitor application crashes as this may indicate exploitation attempts.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer"
},
{
"cve": "CVE-2024-47606",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2024-12-11T20:02:25.247273+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331760"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the MP4/MOV demuxer and memory allocator in the GStreamer library. Processing a specially crafted input file can cause an integer overflow in the qtdemux_parse_theora_extension function. This issue leads to a small amount of memory being allocated to store a large input size, resulting in an out-of-bounds write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into opening or processing a specially crafted .mov file. However, this issue still has an Important severity as it allows an attacker to trigger an out-of-bounds write to memory allocated in the heap, overwriting critical memory regions, potentially resulting in unexpected behavior, including arbitrary code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47606"
},
{
"category": "external",
"summary": "RHBZ#2331760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331760"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47606"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0014.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0014.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer/"
}
],
"release_date": "2024-12-11T19:12:40.186000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:08:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11119"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the MP4/MOV demuxer and monitor application crashes as this may indicate exploitation attempts.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes"
},
{
"cve": "CVE-2024-47613",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2024-12-11T20:01:56.201771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331753"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the gdk-pixbuf decoder in the GStreamer library. Processing a specially crafted input file can cause a NULL pointer dereference due to an unchecked return value, resulting in an application crash and a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into opening or processing a specially crafted file with the gdk-pixbuf decoder. As user interaction is required to trigger is issue and the impact is limited to an application crash, this flaw has been rated with a Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47613"
},
{
"category": "external",
"summary": "RHBZ#2331753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331753"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47613",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47613"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47613",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47613"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0025.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0025.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"
}
],
"release_date": "2024-12-11T19:14:02.436000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:08:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11119"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the gdk-pixbuf decoder and monitor application crashes as this may indicate exploitation attempts.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.src",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.18.4-7.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.i686",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.18.4-7.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush"
}
]
}
RHSA-2024:11121
Vulnerability from csaf_redhat - Published: 2024-12-16 16:14 - Updated: 2026-03-19 17:24Summary
Red Hat Security Advisory: gstreamer1-plugins-good security update
Severity
Important
Notes
Topic: An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.
Security Fix(es):
* gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)
* gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)
* gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)
* gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)
* gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the GStreamer library. An integer overflow in the MP4/MOV demuxer's sample table parser can lead to out-of-bounds writes and NULL-pointer dereferences for certain input files. This vulnerability allows a malicious third party to trigger an application crash and, in the case of out-of-bounds writes, possibly allow code execution through heap manipulation.
8.4 (High)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the GStreamer library. An out-of-bounds write in the MP4/MOV demuxer when handling CEA608 Closed Caption tracks can lead to crashes for certain input files. This vulnerability allows a malicious third party to trigger a crash of the application and perform code execution through heap manipulation.
9.8 (Critical)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the Matroska/WebM demuxer in the GStreamer library. Processing a specially crafted input file can cause the usage of uninitialized stack memory, allowing calls to uninitialized function pointers, potentially resulting in code execution or an application crash.
8.8 (High)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the MP4/MOV demuxer and memory allocator in the GStreamer library. Processing a specially crafted input file can cause an integer overflow in the qtdemux_parse_theora_extension function. This issue leads to a small amount of memory being allocated to store a large input size, resulting in an out-of-bounds write.
8.8 (High)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the gdk-pixbuf decoder in the GStreamer library. Processing a specially crafted input file can cause a NULL pointer dereference due to an unchecked return value, resulting in an application crash and a denial of service.
6.5 (Medium)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
42 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2024:11121 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331719 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331722 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331726 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331753 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331760 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2024-47537 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331722 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47537 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47537 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47539 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331726 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47539 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47539 | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47540 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331719 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47540 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47540 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47606 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331760 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47606 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47606 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
| https://access.redhat.com/security/cve/CVE-2024-47613 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331753 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-47613 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-47613 | external |
| https://gitlab.freedesktop.org/gstreamer/gstreame… | external |
| https://gstreamer.freedesktop.org/security/sa-202… | external |
| https://securitylab.github.com/advisories/GHSL-20… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.\n\nSecurity Fix(es):\n\n* gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)\n\n* gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)\n\n* gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)\n\n* gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)\n\n* gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:11121",
"url": "https://access.redhat.com/errata/RHSA-2024:11121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2331719",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331719"
},
{
"category": "external",
"summary": "2331722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331722"
},
{
"category": "external",
"summary": "2331726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331726"
},
{
"category": "external",
"summary": "2331753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331753"
},
{
"category": "external",
"summary": "2331760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331760"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_11121.json"
}
],
"title": "Red Hat Security Advisory: gstreamer1-plugins-good security update",
"tracking": {
"current_release_date": "2026-03-19T17:24:33+00:00",
"generator": {
"date": "2026-03-19T17:24:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2024:11121",
"initial_release_date": "2024-12-16T16:14:09+00:00",
"revision_history": [
{
"date": "2024-12-16T16:14:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-12-16T16:14:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-19T17:24:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"product": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"product_id": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.22.1-3.el9_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"product": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"product_id": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.22.1-3.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"product_id": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.22.1-3.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.22.1-3.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.22.1-3.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.22.1-3.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.22.1-3.el9_4?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"product_id": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.22.1-3.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"product_id": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.22.1-3.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.22.1-3.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.22.1-3.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.22.1-3.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.22.1-3.el9_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"product": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"product_id": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.22.1-3.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"product_id": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.22.1-3.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.22.1-3.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.22.1-3.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.22.1-3.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.22.1-3.el9_4?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"product": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"product_id": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.22.1-3.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"product_id": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.22.1-3.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.22.1-3.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.22.1-3.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.22.1-3.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.22.1-3.el9_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"product": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"product_id": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good@1.22.1-3.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"product": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"product_id": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk@1.22.1-3.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"product": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"product_id": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debugsource@1.22.1-3.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"product": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"product_id": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-debuginfo@1.22.1-3.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"product": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"product_id": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-gtk-debuginfo@1.22.1-3.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"product": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"product_id": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gstreamer1-plugins-good-qt-debuginfo@1.22.1-3.el9_4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64"
},
"product_reference": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686"
},
"product_reference": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x"
},
"product_reference": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src"
},
"product_reference": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64"
},
"product_reference": "gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64"
},
"product_reference": "gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64"
},
"product_reference": "gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64"
},
"product_reference": "gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64"
},
"product_reference": "gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
},
"product_reference": "gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47537",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-11T19:01:01.738365+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331722"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the GStreamer library. An integer overflow in the MP4/MOV demuxer\u0027s sample table parser can lead to out-of-bounds writes and NULL-pointer dereferences for certain input files. This vulnerability allows a malicious third party to trigger an application crash and, in the case of out-of-bounds writes, possibly allow code execution through heap manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as important severity rather than moderate due to the potential for exploitation leading to arbitrary code execution. The integer overflow during memory allocation results in a mismatch between the allocated memory size and the expected number of elements, causing an out-of-bounds write (OOB-write). Such memory corruption can lead to application crashes, data corruption, or, more critically, allow an attacker to write controlled data outside the allocated buffer. This opens the door to heap-based buffer overflows, which are commonly exploited to overwrite control structures or function pointers, enabling attackers to execute malicious code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47537"
},
{
"category": "external",
"summary": "RHBZ#2331722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331722"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47537",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47537"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47537",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47537"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0005.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0005.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/"
}
],
"release_date": "2024-12-11T18:51:56.158000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:14:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11121"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c"
},
{
"cve": "CVE-2024-47539",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-11T19:01:17.648621+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331726"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the GStreamer library. An out-of-bounds write in the MP4/MOV demuxer when handling CEA608 Closed Caption tracks can lead to crashes for certain input files. This vulnerability allows a malicious third party to trigger a crash of the application and perform code execution through heap manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: OOB-write in convert_to_s334_1a",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability classified as important severity rather than moderate due to its potential for out-of-bounds memory writes, which are highly exploitable in many scenarios. The discrepancy between the memory allocation and loop bounds allows overwriting up to 3 bytes beyond the intended storage array, which could corrupt adjacent memory. Depending on the execution context, this could lead to critical security consequences, such as the alteration of control structures, heap corruption, or stack manipulation, opening paths for arbitrary code execution or escalation of privileges.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47539"
},
{
"category": "external",
"summary": "RHBZ#2331726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47539"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47539",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47539"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0007.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0007.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/"
}
],
"release_date": "2024-12-11T18:53:00.750000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:14:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11121"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: OOB-write in convert_to_s334_1a"
},
{
"cve": "CVE-2024-47540",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"discovery_date": "2024-12-11T19:00:50.751428+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331719"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Matroska/WebM demuxer in the GStreamer library. Processing a specially crafted input file can cause the usage of uninitialized stack memory, allowing calls to uninitialized function pointers, potentially resulting in code execution or an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into opening or processing a specially crafted file with the Matroska/WebM demuxer. However, this issue still has an Important severity as it allows an attacker hijack the execution flow of the application, potentially resulting in unexpected behavior, including arbitrary code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47540"
},
{
"category": "external",
"summary": "RHBZ#2331719",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331719"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47540"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47540"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0017.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0017.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/"
}
],
"release_date": "2024-12-11T18:54:04.383000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:14:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11121"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the Matroska/WebM demuxer and monitor application crashes as this may indicate exploitation attempts.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer"
},
{
"cve": "CVE-2024-47606",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2024-12-11T20:02:25.247273+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331760"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the MP4/MOV demuxer and memory allocator in the GStreamer library. Processing a specially crafted input file can cause an integer overflow in the qtdemux_parse_theora_extension function. This issue leads to a small amount of memory being allocated to store a large input size, resulting in an out-of-bounds write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into opening or processing a specially crafted .mov file. However, this issue still has an Important severity as it allows an attacker to trigger an out-of-bounds write to memory allocated in the heap, overwriting critical memory regions, potentially resulting in unexpected behavior, including arbitrary code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47606"
},
{
"category": "external",
"summary": "RHBZ#2331760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331760"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47606"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0014.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0014.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer/"
}
],
"release_date": "2024-12-11T19:12:40.186000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:14:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11121"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the MP4/MOV demuxer and monitor application crashes as this may indicate exploitation attempts.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes"
},
{
"cve": "CVE-2024-47613",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2024-12-11T20:01:56.201771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331753"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the gdk-pixbuf decoder in the GStreamer library. Processing a specially crafted input file can cause a NULL pointer dereference due to an unchecked return value, resulting in an application crash and a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into opening or processing a specially crafted file with the gdk-pixbuf decoder. As user interaction is required to trigger is issue and the impact is limited to an application crash, this flaw has been rated with a Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47613"
},
{
"category": "external",
"summary": "RHBZ#2331753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331753"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47613",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47613"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47613",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47613"
},
{
"category": "external",
"summary": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch"
},
{
"category": "external",
"summary": "https://gstreamer.freedesktop.org/security/sa-2024-0025.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0025.html"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/",
"url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"
}
],
"release_date": "2024-12-11T19:14:02.436000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-16T16:14:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:11121"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the gdk-pixbuf decoder and monitor application crashes as this may indicate exploitation attempts.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.src",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-debugsource-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-gtk-debuginfo-0:1.22.1-3.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.i686",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:gstreamer1-plugins-good-qt-debuginfo-0:1.22.1-3.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…