suse-su-2025:0063-1
Vulnerability from csaf_suse
Published
2025-06-24 12:03
Modified
2025-06-24 12:03
Summary
Security update for gstreamer-plugins-good
Notes
Title of the patch
Security update for gstreamer-plugins-good
Description of the patch
This update for gstreamer-plugins-good fixes the following issues:
- CVE-2024-47540: Fixed an uninitialized stack memory in Matroska/WebM demuxer. (boo#1234421)
- CVE-2024-47537: Fixed an out-of-bounds write in isomp4/qtdemux.c. (boo#1234414)
- CVE-2024-47543: Fixed an out-of-bounds write in qtdemux_parse_container. (boo#1234462)
- CVE-2024-47544: Fixed a NULL-pointer dereferences in MP4/MOV demuxer CENC handling. (boo#1234473)
- CVE-2024-47545: Fixed an integer underflow in FOURCC_strf parsing leading to out-of-bounds read. (boo#1234476)
- CVE-2024-47596: Fixed an integer underflow in MP4/MOV demuxer that can lead to out-of-bounds reads. (boo#1234424)
- CVE-2024-47597: Fixed an out-of-bounds reads in MP4/MOV demuxer sample table parser (boo#1234425)
- CVE-2024-47599: Fixed insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences. (boo#1234427)
- CVE-2024-47601: Fixed a NULL-pointer dereference in Matroska/WebM demuxer. (boo#1234428)
- CVE-2024-47602: Fixed a NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer. (boo#1234432)
- CVE-2024-47603: Fixed a NULL-pointer dereference in Matroska/WebM demuxer. (boo#1234433)
- CVE-2024-47606: Avoid integer overflow when allocating sysmem. (bsc#1234449)
- CVE-2024-47606: Fixed an integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes. (boo#1234449)
- CVE-2024-47613: Fixed a NULL-pointer dereference in gdk-pixbuf decoder. (boo#1234447)
- CVE-2024-47774: Fixed an integer overflow in AVI subtitle parser that leads to out-of-bounds reads. (boo#1234446)
- CVE-2024-47775: Fixed various out-of-bounds reads in WAV parser. (boo#1234434)
- CVE-2024-47776: Fixed various out-of-bounds reads in WAV parser. (boo#1234435)
- CVE-2024-47777: Fixed various out-of-bounds reads in WAV parser. (boo#1234436)
- CVE-2024-47778: Fixed various out-of-bounds reads in WAV parser. (boo#1234439)
- CVE-2024-47834: Fixed a use-after-free in the Matroska demuxer that can cause crashes for certain input files. (boo#1234440)
Patchnames
SUSE-2025-63,SUSE-SLE-SERVER-12-SP5-LTSS-2025-63,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-63
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for gstreamer-plugins-good",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for gstreamer-plugins-good fixes the following issues:\n\n- CVE-2024-47540: Fixed an uninitialized stack memory in Matroska/WebM demuxer. (boo#1234421)\n- CVE-2024-47537: Fixed an out-of-bounds write in isomp4/qtdemux.c. (boo#1234414)\n- CVE-2024-47543: Fixed an out-of-bounds write in qtdemux_parse_container. (boo#1234462)\n- CVE-2024-47544: Fixed a NULL-pointer dereferences in MP4/MOV demuxer CENC handling. (boo#1234473)\n- CVE-2024-47545: Fixed an integer underflow in FOURCC_strf parsing leading to out-of-bounds read. (boo#1234476)\n- CVE-2024-47596: Fixed an integer underflow in MP4/MOV demuxer that can lead to out-of-bounds reads. (boo#1234424)\n- CVE-2024-47597: Fixed an out-of-bounds reads in MP4/MOV demuxer sample table parser (boo#1234425)\n- CVE-2024-47599: Fixed insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences. (boo#1234427)\n- CVE-2024-47601: Fixed a NULL-pointer dereference in Matroska/WebM demuxer. (boo#1234428)\n- CVE-2024-47602: Fixed a NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer. (boo#1234432)\n- CVE-2024-47603: Fixed a NULL-pointer dereference in Matroska/WebM demuxer. (boo#1234433)\n- CVE-2024-47606: Avoid integer overflow when allocating sysmem. (bsc#1234449)\n- CVE-2024-47606: Fixed an integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes. (boo#1234449)\n- CVE-2024-47613: Fixed a NULL-pointer dereference in gdk-pixbuf decoder. (boo#1234447)\n- CVE-2024-47774: Fixed an integer overflow in AVI subtitle parser that leads to out-of-bounds reads. (boo#1234446)\n- CVE-2024-47775: Fixed various out-of-bounds reads in WAV parser. (boo#1234434)\n- CVE-2024-47776: Fixed various out-of-bounds reads in WAV parser. (boo#1234435)\n- CVE-2024-47777: Fixed various out-of-bounds reads in WAV parser. (boo#1234436)\n- CVE-2024-47778: Fixed various out-of-bounds reads in WAV parser. (boo#1234439)\n- CVE-2024-47834: Fixed a use-after-free in the Matroska demuxer that can cause crashes for certain input files. (boo#1234440)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-63,SUSE-SLE-SERVER-12-SP5-LTSS-2025-63,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-63",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0063-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0063-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250063-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0063-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020091.html"
},
{
"category": "self",
"summary": "SUSE Bug 1234414",
"url": "https://bugzilla.suse.com/1234414"
},
{
"category": "self",
"summary": "SUSE Bug 1234421",
"url": "https://bugzilla.suse.com/1234421"
},
{
"category": "self",
"summary": "SUSE Bug 1234424",
"url": "https://bugzilla.suse.com/1234424"
},
{
"category": "self",
"summary": "SUSE Bug 1234425",
"url": "https://bugzilla.suse.com/1234425"
},
{
"category": "self",
"summary": "SUSE Bug 1234427",
"url": "https://bugzilla.suse.com/1234427"
},
{
"category": "self",
"summary": "SUSE Bug 1234428",
"url": "https://bugzilla.suse.com/1234428"
},
{
"category": "self",
"summary": "SUSE Bug 1234432",
"url": "https://bugzilla.suse.com/1234432"
},
{
"category": "self",
"summary": "SUSE Bug 1234433",
"url": "https://bugzilla.suse.com/1234433"
},
{
"category": "self",
"summary": "SUSE Bug 1234434",
"url": "https://bugzilla.suse.com/1234434"
},
{
"category": "self",
"summary": "SUSE Bug 1234435",
"url": "https://bugzilla.suse.com/1234435"
},
{
"category": "self",
"summary": "SUSE Bug 1234436",
"url": "https://bugzilla.suse.com/1234436"
},
{
"category": "self",
"summary": "SUSE Bug 1234439",
"url": "https://bugzilla.suse.com/1234439"
},
{
"category": "self",
"summary": "SUSE Bug 1234440",
"url": "https://bugzilla.suse.com/1234440"
},
{
"category": "self",
"summary": "SUSE Bug 1234446",
"url": "https://bugzilla.suse.com/1234446"
},
{
"category": "self",
"summary": "SUSE Bug 1234447",
"url": "https://bugzilla.suse.com/1234447"
},
{
"category": "self",
"summary": "SUSE Bug 1234449",
"url": "https://bugzilla.suse.com/1234449"
},
{
"category": "self",
"summary": "SUSE Bug 1234462",
"url": "https://bugzilla.suse.com/1234462"
},
{
"category": "self",
"summary": "SUSE Bug 1234473",
"url": "https://bugzilla.suse.com/1234473"
},
{
"category": "self",
"summary": "SUSE Bug 1234476",
"url": "https://bugzilla.suse.com/1234476"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47537 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47537/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47540 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47540/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47543 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47543/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47544 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47544/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47545 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47596 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47596/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47597 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47599 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47599/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47601 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47601/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47602 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47603 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47603/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47606 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47613 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47613/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47774 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47774/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47775 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47776 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47777 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47777/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47778 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47778/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47834 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47834/"
}
],
"title": "Security update for gstreamer-plugins-good",
"tracking": {
"current_release_date": "2025-06-24T12:03:30Z",
"generator": {
"date": "2025-06-24T12:03:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0063-1",
"initial_release_date": "2025-06-24T12:03:30Z",
"revision_history": [
{
"date": "2025-06-24T12:03:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"product_id": "gstreamer-plugins-good-1.8.3-16.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-doc-1.8.3-16.12.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-doc-1.8.3-16.12.1.aarch64",
"product_id": "gstreamer-plugins-good-doc-1.8.3-16.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-1.8.3-16.12.1.aarch64",
"product": {
"name": "gstreamer-plugins-good-extra-1.8.3-16.12.1.aarch64",
"product_id": "gstreamer-plugins-good-extra-1.8.3-16.12.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer-plugins-good-64bit-1.8.3-16.12.1.aarch64_ilp32",
"product": {
"name": "gstreamer-plugins-good-64bit-1.8.3-16.12.1.aarch64_ilp32",
"product_id": "gstreamer-plugins-good-64bit-1.8.3-16.12.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-64bit-1.8.3-16.12.1.aarch64_ilp32",
"product": {
"name": "gstreamer-plugins-good-extra-64bit-1.8.3-16.12.1.aarch64_ilp32",
"product_id": "gstreamer-plugins-good-extra-64bit-1.8.3-16.12.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer-plugins-good-1.8.3-16.12.1.i586",
"product": {
"name": "gstreamer-plugins-good-1.8.3-16.12.1.i586",
"product_id": "gstreamer-plugins-good-1.8.3-16.12.1.i586"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-doc-1.8.3-16.12.1.i586",
"product": {
"name": "gstreamer-plugins-good-doc-1.8.3-16.12.1.i586",
"product_id": "gstreamer-plugins-good-doc-1.8.3-16.12.1.i586"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-1.8.3-16.12.1.i586",
"product": {
"name": "gstreamer-plugins-good-extra-1.8.3-16.12.1.i586",
"product_id": "gstreamer-plugins-good-extra-1.8.3-16.12.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"product": {
"name": "gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"product_id": "gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"product_id": "gstreamer-plugins-good-1.8.3-16.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-doc-1.8.3-16.12.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-doc-1.8.3-16.12.1.ppc64le",
"product_id": "gstreamer-plugins-good-doc-1.8.3-16.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-1.8.3-16.12.1.ppc64le",
"product": {
"name": "gstreamer-plugins-good-extra-1.8.3-16.12.1.ppc64le",
"product_id": "gstreamer-plugins-good-extra-1.8.3-16.12.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer-plugins-good-1.8.3-16.12.1.s390",
"product": {
"name": "gstreamer-plugins-good-1.8.3-16.12.1.s390",
"product_id": "gstreamer-plugins-good-1.8.3-16.12.1.s390"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-doc-1.8.3-16.12.1.s390",
"product": {
"name": "gstreamer-plugins-good-doc-1.8.3-16.12.1.s390",
"product_id": "gstreamer-plugins-good-doc-1.8.3-16.12.1.s390"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-1.8.3-16.12.1.s390",
"product": {
"name": "gstreamer-plugins-good-extra-1.8.3-16.12.1.s390",
"product_id": "gstreamer-plugins-good-extra-1.8.3-16.12.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"product": {
"name": "gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"product_id": "gstreamer-plugins-good-1.8.3-16.12.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-32bit-1.8.3-16.12.1.s390x",
"product": {
"name": "gstreamer-plugins-good-32bit-1.8.3-16.12.1.s390x",
"product_id": "gstreamer-plugins-good-32bit-1.8.3-16.12.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-doc-1.8.3-16.12.1.s390x",
"product": {
"name": "gstreamer-plugins-good-doc-1.8.3-16.12.1.s390x",
"product_id": "gstreamer-plugins-good-doc-1.8.3-16.12.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-1.8.3-16.12.1.s390x",
"product": {
"name": "gstreamer-plugins-good-extra-1.8.3-16.12.1.s390x",
"product_id": "gstreamer-plugins-good-extra-1.8.3-16.12.1.s390x"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-32bit-1.8.3-16.12.1.s390x",
"product": {
"name": "gstreamer-plugins-good-extra-32bit-1.8.3-16.12.1.s390x",
"product_id": "gstreamer-plugins-good-extra-32bit-1.8.3-16.12.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"product_id": "gstreamer-plugins-good-1.8.3-16.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-32bit-1.8.3-16.12.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-32bit-1.8.3-16.12.1.x86_64",
"product_id": "gstreamer-plugins-good-32bit-1.8.3-16.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-doc-1.8.3-16.12.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-doc-1.8.3-16.12.1.x86_64",
"product_id": "gstreamer-plugins-good-doc-1.8.3-16.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-1.8.3-16.12.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-extra-1.8.3-16.12.1.x86_64",
"product_id": "gstreamer-plugins-good-extra-1.8.3-16.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "gstreamer-plugins-good-extra-32bit-1.8.3-16.12.1.x86_64",
"product": {
"name": "gstreamer-plugins-good-extra-32bit-1.8.3-16.12.1.x86_64",
"product_id": "gstreamer-plugins-good-extra-32bit-1.8.3-16.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-1.8.3-16.12.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64"
},
"product_reference": "gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-1.8.3-16.12.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le"
},
"product_reference": "gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-1.8.3-16.12.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x"
},
"product_reference": "gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-1.8.3-16.12.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
},
"product_reference": "gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-1.8.3-16.12.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64"
},
"product_reference": "gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
},
"product_reference": "gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47537",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47537"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream-\u003esamples to accommodate stream-\u003en_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47537",
"url": "https://www.suse.com/security/cve/CVE-2024-47537"
},
{
"category": "external",
"summary": "SUSE Bug 1234414 for CVE-2024-47537",
"url": "https://bugzilla.suse.com/1234414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T12:03:30Z",
"details": "important"
}
],
"title": "CVE-2024-47537"
},
{
"cve": "CVE-2024-47540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47540"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size \u003c 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem-\u003eallocator-\u003emem_unmap_full or mem-\u003eallocator-\u003emem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47540",
"url": "https://www.suse.com/security/cve/CVE-2024-47540"
},
{
"category": "external",
"summary": "SUSE Bug 1234421 for CVE-2024-47540",
"url": "https://bugzilla.suse.com/1234421"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T12:03:30Z",
"details": "important"
}
],
"title": "CVE-2024-47540"
},
{
"cve": "CVE-2024-47543",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47543"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemux_parse_container function within qtdemux.c. In the parent function qtdemux_parse_node, the value of length is not well checked. So, if length is big enough, it causes the pointer end to point beyond the boundaries of buffer. Subsequently, in the qtdemux_parse_container function, the while loop can trigger an OOB-read, accessing memory beyond the bounds of buf. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47543",
"url": "https://www.suse.com/security/cve/CVE-2024-47543"
},
{
"category": "external",
"summary": "SUSE Bug 1234462 for CVE-2024-47543",
"url": "https://bugzilla.suse.com/1234462"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T12:03:30Z",
"details": "moderate"
}
],
"title": "CVE-2024-47543"
},
{
"cve": "CVE-2024-47544",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47544"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. The function qtdemux_parse_sbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47544",
"url": "https://www.suse.com/security/cve/CVE-2024-47544"
},
{
"category": "external",
"summary": "SUSE Bug 1234473 for CVE-2024-47544",
"url": "https://bugzilla.suse.com/1234473"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T12:03:30Z",
"details": "moderate"
}
],
"title": "CVE-2024-47544"
},
{
"cve": "CVE-2024-47545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47545"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happens, the subsequent call to gst_buffer_fill will invoke memcpy with a large tocopy size, resulting in an OOB-read. This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47545",
"url": "https://www.suse.com/security/cve/CVE-2024-47545"
},
{
"category": "external",
"summary": "SUSE Bug 1234476 for CVE-2024-47545",
"url": "https://bugzilla.suse.com/1234476"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T12:03:30Z",
"details": "moderate"
}
],
"title": "CVE-2024-47545"
},
{
"cve": "CVE-2024-47596",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47596"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining size of the data buffer, it can lead to an OOB-read in the following call to gst_buffer_fill, which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47596",
"url": "https://www.suse.com/security/cve/CVE-2024-47596"
},
{
"category": "external",
"summary": "SUSE Bug 1234424 for CVE-2024-47596",
"url": "https://bugzilla.suse.com/1234424"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T12:03:30Z",
"details": "moderate"
}
],
"title": "CVE-2024-47596"
},
{
"cve": "CVE-2024-47597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47597"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream-\u003estco buffer. The following code snippet shows the call to qt_atom_parser_get_offset_unchecked, which leads to the OOB-read when parsing the provided GHSL-2024-245_crash1.mp4 file. This issue may lead to read up to 8 bytes out-of-bounds. This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47597",
"url": "https://www.suse.com/security/cve/CVE-2024-47597"
},
{
"category": "external",
"summary": "SUSE Bug 1234425 for CVE-2024-47597",
"url": "https://bugzilla.suse.com/1234425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T12:03:30Z",
"details": "moderate"
}
],
"title": "CVE-2024-47597"
},
{
"cve": "CVE-2024-47599",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47599"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output_state. When this happens, dereferences of the outstate pointer will lead to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47599",
"url": "https://www.suse.com/security/cve/CVE-2024-47599"
},
{
"category": "external",
"summary": "SUSE Bug 1234427 for CVE-2024-47599",
"url": "https://bugzilla.suse.com/1234427"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T12:03:30Z",
"details": "moderate"
}
],
"title": "CVE-2024-47599"
},
{
"cve": "CVE-2024-47601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47601"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity of the GstBuffer *sub pointer before performing dereferences. As a result, null pointer dereferences may occur. This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47601",
"url": "https://www.suse.com/security/cve/CVE-2024-47601"
},
{
"category": "external",
"summary": "SUSE Bug 1234428 for CVE-2024-47601",
"url": "https://bugzilla.suse.com/1234428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T12:03:30Z",
"details": "moderate"
}
],
"title": "CVE-2024-47601"
},
{
"cve": "CVE-2024-47602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47602"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream-\u003ecodec_priv pointer in the following code. If stream-\u003ecodec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference a null pointer, leading to a crash of the application. This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47602",
"url": "https://www.suse.com/security/cve/CVE-2024-47602"
},
{
"category": "external",
"summary": "SUSE Bug 1234432 for CVE-2024-47602",
"url": "https://bugzilla.suse.com/1234432"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T12:03:30Z",
"details": "moderate"
}
],
"title": "CVE-2024-47602"
},
{
"cve": "CVE-2024-47603",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47603"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_update_tracks function within matroska-demux.c. The vulnerability occurs when the gst_caps_is_equal function is called with invalid caps values. If this happen, then in the function gst_buffer_get_size the call to GST_BUFFER_MEM_PTR can return a null pointer. Attempting to dereference the size field of this null pointer results in a null pointer dereference. This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47603",
"url": "https://www.suse.com/security/cve/CVE-2024-47603"
},
{
"category": "external",
"summary": "SUSE Bug 1234433 for CVE-2024-47603",
"url": "https://bugzilla.suse.com/1234433"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T12:03:30Z",
"details": "moderate"
}
],
"title": "CVE-2024-47603"
},
{
"cve": "CVE-2024-47606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47606"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. The function _sysmem_new_block adds alignment and header size to the (unsigned) size, causing the overflow of the \u0027slice_size\u0027 variable. As a result, only 0x89 bytes are allocated, despite the large input size. When the following memcpy call occurs in gst_buffer_fill, the data from the input file will overwrite the content of the GstMapInfo info structure. Finally, during the call to gst_memory_unmap, the overwritten memory may cause a function pointer hijack, as the mem-\u003eallocator-\u003emem_unmap_full function is called with a corrupted pointer. This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47606",
"url": "https://www.suse.com/security/cve/CVE-2024-47606"
},
{
"category": "external",
"summary": "SUSE Bug 1234449 for CVE-2024-47606",
"url": "https://bugzilla.suse.com/1234449"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T12:03:30Z",
"details": "important"
}
],
"title": "CVE-2024-47606"
},
{
"cve": "CVE-2024-47613",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47613"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix` is expected to point to the frame 0 from the frame structure, which is read from the input file. However, in certain situations, it can points to a NULL frame, causing the subsequent call to `memcpy` to attempt writing to the null address (0x00), leading to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47613",
"url": "https://www.suse.com/security/cve/CVE-2024-47613"
},
{
"category": "external",
"summary": "SUSE Bug 1234447 for CVE-2024-47613",
"url": "https://bugzilla.suse.com/1234447"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T12:03:30Z",
"details": "moderate"
}
],
"title": "CVE-2024-47613"
},
{
"cve": "CVE-2024-47774",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47774"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. Then, the a condition, does not properly handle cases where name_length is greater than 0xFFFFFFFF - 17, causing an integer overflow. In such scenario, the function attempts to access memory beyond the buffer leading to an OOB-read. This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47774",
"url": "https://www.suse.com/security/cve/CVE-2024-47774"
},
{
"category": "external",
"summary": "SUSE Bug 1234446 for CVE-2024-47774",
"url": "https://bugzilla.suse.com/1234446"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T12:03:30Z",
"details": "moderate"
}
],
"title": "CVE-2024-47774"
},
{
"cve": "CVE-2024-47775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47775"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multiple GST_READ_UINT32_LE operations without performing boundary checks. This can lead to an OOB-read when buf is smaller than expected. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47775",
"url": "https://www.suse.com/security/cve/CVE-2024-47775"
},
{
"category": "external",
"summary": "SUSE Bug 1234434 for CVE-2024-47775",
"url": "https://bugzilla.suse.com/1234434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T12:03:30Z",
"details": "moderate"
}
],
"title": "CVE-2024-47775"
},
{
"cve": "CVE-2024-47776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47776"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch causes the comparison if (size \u003c 4 + ncues * 24) to fail in some cases, allowing the subsequent loop to access beyond the bounds of the data buffer. The root cause of this discrepancy stems from a miscalculation when clipping the chunk size based on upstream data size. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47776",
"url": "https://www.suse.com/security/cve/CVE-2024-47776"
},
{
"category": "external",
"summary": "SUSE Bug 1234435 for CVE-2024-47776",
"url": "https://bugzilla.suse.com/1234435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T12:03:30Z",
"details": "moderate"
}
],
"title": "CVE-2024-47776"
},
{
"cve": "CVE-2024-47777",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47777"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is sufficient. If the buffer is too small, the function reads beyond its bounds. This vulnerability may result in reading 4 bytes out of the boundaries of the data buffer. This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47777",
"url": "https://www.suse.com/security/cve/CVE-2024-47777"
},
{
"category": "external",
"summary": "SUSE Bug 1234436 for CVE-2024-47777",
"url": "https://bugzilla.suse.com/1234436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T12:03:30Z",
"details": "moderate"
}
],
"title": "CVE-2024-47777"
},
{
"cve": "CVE-2024-47778",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47778"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. As a result, an OOB read occurs in the following while loop. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47778",
"url": "https://www.suse.com/security/cve/CVE-2024-47778"
},
{
"category": "external",
"summary": "SUSE Bug 1234439 for CVE-2024-47778",
"url": "https://bugzilla.suse.com/1234439"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T12:03:30Z",
"details": "moderate"
}
],
"title": "CVE-2024-47778"
},
{
"cve": "CVE-2024-47834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47834"
}
],
"notes": [
{
"category": "general",
"text": "GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function, by the call to g_free (track-\u003ecodec_priv). Finally, the freed memory is accessed in the caps_serialize function through gst_value_serialize_buffer. The freed memory will be accessed in the gst_value_serialize_buffer function. This results in a UAF read vulnerability, as the function tries to process memory that has already been freed. This vulnerability is fixed in 1.24.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47834",
"url": "https://www.suse.com/security/cve/CVE-2024-47834"
},
{
"category": "external",
"summary": "SUSE Bug 1234440 for CVE-2024-47834",
"url": "https://bugzilla.suse.com/1234440"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T12:03:30Z",
"details": "moderate"
}
],
"title": "CVE-2024-47834"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…