Action not permitted
Modal body text goes here.
Modal Title
Modal Body
usn-7807-1
Vulnerability from osv_ubuntu
Michael Randrianantenaina discovered that GStreamer Base Plugins did not correctly handle certain integer operations. An attacker could possibly use this issue to execute arbitrary code. (CVE-2023-37327, CVE-2024-4453)
Michael Randrianantenaina discovered that GStreamer Base Plugins did not correctly handle certain memory operations. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2023-37328)
Antonio Morales discovered that GStreamer Base Plugins did not correctly handle certain memory operations. An attacker could possibly use this issue to execute arbitrary code. (CVE-2024-47538)
Antonio Morales discovered that GStreamer Base Plugins did not correctly handle parsing certain inputs, which could lead to an out-of-bounds access vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2024-47541, CVE-2024-47615)
Antonio Morales discovered that GStreamer Base Plugins did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-47542, CVE-2024-47607, CVE-2024-47835)
Antonio Morales discovered that GStreamer Base Plugins did not correctly handle parsing certain inputs, which could lead to an out-of-bounds access vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2024-47600)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2023-37327",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-4453",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-47538",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-47541",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-47542",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-47607",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-47615",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-47835",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.8.3-1ubuntu0.3+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.3-1ubuntu0.3+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.6.0-1ubuntu1",
"1.6.1-1ubuntu1",
"1.6.2-1ubuntu1",
"1.7.1-1ubuntu1",
"1.7.2-1ubuntu1",
"1.7.90-1ubuntu1",
"1.7.91-1ubuntu1",
"1.8.0-1ubuntu1",
"1.8.1-1ubuntu0.1",
"1.8.2-1ubuntu0.1",
"1.8.2-1ubuntu0.2",
"1.8.3-1ubuntu0.1",
"1.8.3-1ubuntu0.2",
"1.8.3-1ubuntu0.3",
"1.8.3-1ubuntu0.3+esm1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2023-37327",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-37328",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-4453",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-47538",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-47541",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-47542",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-47600",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-47607",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-47615",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-47835",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.14.5-0ubuntu1~18.04.3+esm1?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14.5-0ubuntu1~18.04.3+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.12.3-1",
"1.12.4-1",
"1.13.1-1ubuntu1",
"1.13.91-1ubuntu1",
"1.14.0-1ubuntu1",
"1.14.0-2ubuntu1",
"1.14.1-1ubuntu1~ubuntu18.04.1",
"1.14.1-1ubuntu1~ubuntu18.04.2",
"1.14.4-1ubuntu1.1~ubuntu18.04.1",
"1.14.5-0ubuntu1~18.04.1",
"1.14.5-0ubuntu1~18.04.2",
"1.14.5-0ubuntu1~18.04.3"
]
}
],
"aliases": [],
"details": "Michael Randrianantenaina discovered that GStreamer Base Plugins did not\ncorrectly handle certain integer operations. An attacker could possibly\nuse this issue to execute arbitrary code. (CVE-2023-37327, CVE-2024-4453)\n\nMichael Randrianantenaina discovered that GStreamer Base Plugins did not\ncorrectly handle certain memory operations. An attacker could possibly\nuse this issue to execute arbitrary code. This issue only affected\nUbuntu 18.04 LTS. (CVE-2023-37328)\n\nAntonio Morales discovered that GStreamer Base Plugins did not correctly\nhandle certain memory operations. An attacker could possibly use this\nissue to execute arbitrary code. (CVE-2024-47538)\n\nAntonio Morales discovered that GStreamer Base Plugins did not correctly\nhandle parsing certain inputs, which could lead to an out-of-bounds access\nvulnerability. An attacker could possibly use this issue to cause a denial\nof service or execute arbitrary code. (CVE-2024-47541, CVE-2024-47615)\n\nAntonio Morales discovered that GStreamer Base Plugins did not correctly\nhandle certain memory operations. An attacker could possibly use this\nissue to cause a denial of service. (CVE-2024-47542, CVE-2024-47607,\nCVE-2024-47835)\n\nAntonio Morales discovered that GStreamer Base Plugins did not correctly\nhandle parsing certain inputs, which could lead to an out-of-bounds access\nvulnerability. An attacker could possibly use this issue to cause a denial\nof service or execute arbitrary code. This issue only affected\nUbuntu 18.04 LTS. (CVE-2024-47600)",
"id": "USN-7807-1",
"modified": "2026-06-25T10:46:58Z",
"published": "2025-10-07T03:19:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7807-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-37327"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-37328"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-4453"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-47538"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-47541"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-47542"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-47600"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-47607"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-47615"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-47835"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "gst-plugins-base1.0 vulnerabilities",
"upstream": [
"UBUNTU-CVE-2023-37327",
"UBUNTU-CVE-2023-37328",
"UBUNTU-CVE-2024-4453",
"UBUNTU-CVE-2024-47538",
"UBUNTU-CVE-2024-47541",
"UBUNTU-CVE-2024-47542",
"UBUNTU-CVE-2024-47600",
"UBUNTU-CVE-2024-47607",
"UBUNTU-CVE-2024-47615",
"UBUNTU-CVE-2024-47835"
]
}
ubuntu-cve-2023-37327
Vulnerability from osv_ubuntu
GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of FLAC audio files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20775.
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-0.10",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-alsa",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-gnomevfs",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-plugins-base",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-plugins-base-apps",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-x",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "libgstreamer-plugins-base0.10-0",
"binary_version": "0.10.36-2ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "gst-plugins-base0.10",
"purl": "pkg:deb/ubuntu/gst-plugins-base0.10@0.10.36-2ubuntu0.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.10.36-2",
"0.10.36-2ubuntu0.1",
"0.10.36-2ubuntu0.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "gstreamer0.10-gconf",
"binary_version": "0.10.31-3+nmu4ubuntu2.16.04.3"
},
{
"binary_name": "gstreamer0.10-plugins-good",
"binary_version": "0.10.31-3+nmu4ubuntu2.16.04.3"
},
{
"binary_name": "gstreamer0.10-pulseaudio",
"binary_version": "0.10.31-3+nmu4ubuntu2.16.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "gst-plugins-good0.10",
"purl": "pkg:deb/ubuntu/gst-plugins-good0.10@0.10.31-3+nmu4ubuntu2.16.04.3?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.10.31-3+nmu4ubuntu2~gcc5.1",
"0.10.31-3+nmu4ubuntu2.16.04.1",
"0.10.31-3+nmu4ubuntu2.16.04.2",
"0.10.31-3+nmu4ubuntu2.16.04.3"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.8.3-1ubuntu0.3+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.3-1ubuntu0.3+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.6.0-1ubuntu1",
"1.6.1-1ubuntu1",
"1.6.2-1ubuntu1",
"1.7.1-1ubuntu1",
"1.7.2-1ubuntu1",
"1.7.90-1ubuntu1",
"1.7.91-1ubuntu1",
"1.8.0-1ubuntu1",
"1.8.1-1ubuntu0.1",
"1.8.2-1ubuntu0.1",
"1.8.2-1ubuntu0.2",
"1.8.3-1ubuntu0.1",
"1.8.3-1ubuntu0.2",
"1.8.3-1ubuntu0.3",
"1.8.3-1ubuntu0.3+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "gstreamer1.0-plugins-good",
"binary_version": "1.8.3-1ubuntu0.5+esm1"
},
{
"binary_name": "gstreamer1.0-pulseaudio",
"binary_version": "1.8.3-1ubuntu0.5+esm1"
},
{
"binary_name": "libgstreamer-plugins-good1.0-0",
"binary_version": "1.8.3-1ubuntu0.5+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "gst-plugins-good1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-good1.0@1.8.3-1ubuntu0.5+esm1?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.6.0-1ubuntu1",
"1.6.1-1ubuntu1",
"1.6.2-1ubuntu1",
"1.7.1-1ubuntu1",
"1.7.2-1ubuntu1",
"1.7.90-1ubuntu1",
"1.7.91-1ubuntu1",
"1.8.0-1ubuntu1",
"1.8.1-1ubuntu0.1",
"1.8.2-1ubuntu0.1",
"1.8.2-1ubuntu0.2",
"1.8.2-1ubuntu0.3",
"1.8.3-1ubuntu0.3",
"1.8.3-1ubuntu0.4",
"1.8.3-1ubuntu0.5",
"1.8.3-1ubuntu0.5+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.14.5-0ubuntu1~18.04.3+esm1?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14.5-0ubuntu1~18.04.3+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.12.3-1",
"1.12.4-1",
"1.13.1-1ubuntu1",
"1.13.91-1ubuntu1",
"1.14.0-1ubuntu1",
"1.14.0-2ubuntu1",
"1.14.1-1ubuntu1~ubuntu18.04.1",
"1.14.1-1ubuntu1~ubuntu18.04.2",
"1.14.4-1ubuntu1.1~ubuntu18.04.1",
"1.14.5-0ubuntu1~18.04.1",
"1.14.5-0ubuntu1~18.04.2",
"1.14.5-0ubuntu1~18.04.3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "gstreamer1.0-gtk3",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-good",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-pulseaudio",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-qt5",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "libgstreamer-plugins-good1.0-0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "gst-plugins-good1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-good1.0@1.14.5-0ubuntu1~18.04.3+esm1?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.12.3-1ubuntu1",
"1.12.4-1ubuntu1",
"1.13.1-1ubuntu1",
"1.13.91-1ubuntu1",
"1.14.0-1ubuntu1",
"1.14.1-1ubuntu1~ubuntu18.04.1",
"1.14.4-1ubuntu1~ubuntu18.04.1",
"1.14.5-0ubuntu1~18.04.1",
"1.14.5-0ubuntu1~18.04.2",
"1.14.5-0ubuntu1~18.04.3",
"1.14.5-0ubuntu1~18.04.3+esm1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.16.3-0ubuntu1.2"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.16.3-0ubuntu1.2"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.16.3-0ubuntu1.2"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.16.3-0ubuntu1.2"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.16.3-0ubuntu1.2"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.16.3-0ubuntu1.2"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.16.3-0ubuntu1.2"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.16.3-0ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.16.3-0ubuntu1.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.3-0ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.1-1",
"1.16.2-1",
"1.16.2-2",
"1.16.2-2ubuntu3",
"1.16.2-2ubuntu4",
"1.16.2-4",
"1.16.2-4ubuntu0.1",
"1.16.3-0ubuntu1",
"1.16.3-0ubuntu1.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gstreamer1.0-gtk3",
"binary_version": "1.16.3-0ubuntu1.2"
},
{
"binary_name": "gstreamer1.0-plugins-good",
"binary_version": "1.16.3-0ubuntu1.2"
},
{
"binary_name": "gstreamer1.0-pulseaudio",
"binary_version": "1.16.3-0ubuntu1.2"
},
{
"binary_name": "gstreamer1.0-qt5",
"binary_version": "1.16.3-0ubuntu1.2"
},
{
"binary_name": "libgstreamer-plugins-good1.0-0",
"binary_version": "1.16.3-0ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "gst-plugins-good1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-good1.0@1.16.3-0ubuntu1.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.3-0ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.1-1ubuntu1",
"1.16.2-1ubuntu1",
"1.16.2-1ubuntu2",
"1.16.2-1ubuntu2.1",
"1.16.3-0ubuntu1",
"1.16.3-0ubuntu1.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.20.1-1ubuntu0.1"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.20.1-1ubuntu0.1"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.20.1-1ubuntu0.1"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.20.1-1ubuntu0.1"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.20.1-1ubuntu0.1"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.20.1-1ubuntu0.1"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.20.1-1ubuntu0.1"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.20.1-1ubuntu0.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.20.1-1ubuntu0.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.1-1ubuntu0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.5-1",
"1.19.90-1",
"1.20.0-1",
"1.20.0-2",
"1.20.1-1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gstreamer1.0-gtk3",
"binary_version": "1.20.3-0ubuntu1.1"
},
{
"binary_name": "gstreamer1.0-plugins-good",
"binary_version": "1.20.3-0ubuntu1.1"
},
{
"binary_name": "gstreamer1.0-pulseaudio",
"binary_version": "1.20.3-0ubuntu1.1"
},
{
"binary_name": "gstreamer1.0-qt5",
"binary_version": "1.20.3-0ubuntu1.1"
},
{
"binary_name": "libgstreamer-plugins-good1.0-0",
"binary_version": "1.20.3-0ubuntu1.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "gst-plugins-good1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-good1.0@1.20.3-0ubuntu1.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.3-0ubuntu1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.5-1ubuntu2",
"1.18.5-1ubuntu3",
"1.20.0-2ubuntu1",
"1.20.1-1ubuntu1",
"1.20.3-0ubuntu1"
]
}
],
"aliases": [],
"details": "GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of FLAC audio files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20775.",
"id": "UBUNTU-CVE-2023-37327",
"modified": "2026-05-20T15:02:45Z",
"published": "2023-07-31T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-37327"
},
{
"type": "REPORT",
"url": "https://gstreamer.freedesktop.org/security/sa-2023-0001.html"
},
{
"type": "REPORT",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4894.patch"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6268-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6269-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37327"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7807-1"
}
],
"related": [
"USN-6268-1",
"USN-6269-1",
"USN-7807-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2023-37327"
]
}
ubuntu-cve-2023-37328
Vulnerability from osv_ubuntu
GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of PGS subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-20994.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-0.10",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-alsa",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-gnomevfs",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-plugins-base",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-plugins-base-apps",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-x",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "libgstreamer-plugins-base0.10-0",
"binary_version": "0.10.36-2ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "gst-plugins-base0.10",
"purl": "pkg:deb/ubuntu/gst-plugins-base0.10@0.10.36-2ubuntu0.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.10.36-2",
"0.10.36-2ubuntu0.1",
"0.10.36-2ubuntu0.2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.14.5-0ubuntu1~18.04.3+esm1?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14.5-0ubuntu1~18.04.3+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.12.3-1",
"1.12.4-1",
"1.13.1-1ubuntu1",
"1.13.91-1ubuntu1",
"1.14.0-1ubuntu1",
"1.14.0-2ubuntu1",
"1.14.1-1ubuntu1~ubuntu18.04.1",
"1.14.1-1ubuntu1~ubuntu18.04.2",
"1.14.4-1ubuntu1.1~ubuntu18.04.1",
"1.14.5-0ubuntu1~18.04.1",
"1.14.5-0ubuntu1~18.04.2",
"1.14.5-0ubuntu1~18.04.3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.16.3-0ubuntu1.2"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.16.3-0ubuntu1.2"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.16.3-0ubuntu1.2"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.16.3-0ubuntu1.2"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.16.3-0ubuntu1.2"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.16.3-0ubuntu1.2"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.16.3-0ubuntu1.2"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.16.3-0ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.16.3-0ubuntu1.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.3-0ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.1-1",
"1.16.2-1",
"1.16.2-2",
"1.16.2-2ubuntu3",
"1.16.2-2ubuntu4",
"1.16.2-4",
"1.16.2-4ubuntu0.1",
"1.16.3-0ubuntu1",
"1.16.3-0ubuntu1.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.20.1-1ubuntu0.1"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.20.1-1ubuntu0.1"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.20.1-1ubuntu0.1"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.20.1-1ubuntu0.1"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.20.1-1ubuntu0.1"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.20.1-1ubuntu0.1"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.20.1-1ubuntu0.1"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.20.1-1ubuntu0.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.20.1-1ubuntu0.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.1-1ubuntu0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.5-1",
"1.19.90-1",
"1.20.0-1",
"1.20.0-2",
"1.20.1-1"
]
}
],
"aliases": [],
"details": "GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of PGS subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-20994.",
"id": "UBUNTU-CVE-2023-37328",
"modified": "2026-04-22T07:45:23Z",
"published": "2023-07-31T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-37328"
},
{
"type": "REPORT",
"url": "https://gstreamer.freedesktop.org/security/sa-2023-0002.html"
},
{
"type": "REPORT",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4895.patch"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6268-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37328"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7807-1"
}
],
"related": [
"USN-6268-1",
"USN-7807-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2023-37328"
]
}
ubuntu-cve-2024-4453
Vulnerability from osv_ubuntu
GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-23896.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-0.10",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-alsa",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-gnomevfs",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-plugins-base",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-plugins-base-apps",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-x",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "libgstreamer-plugins-base0.10-0",
"binary_version": "0.10.36-2ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "gst-plugins-base0.10",
"purl": "pkg:deb/ubuntu/gst-plugins-base0.10@0.10.36-2ubuntu0.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.10.36-2",
"0.10.36-2ubuntu0.1",
"0.10.36-2ubuntu0.2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.8.3-1ubuntu0.3+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.3-1ubuntu0.3+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.6.0-1ubuntu1",
"1.6.1-1ubuntu1",
"1.6.2-1ubuntu1",
"1.7.1-1ubuntu1",
"1.7.2-1ubuntu1",
"1.7.90-1ubuntu1",
"1.7.91-1ubuntu1",
"1.8.0-1ubuntu1",
"1.8.1-1ubuntu0.1",
"1.8.2-1ubuntu0.1",
"1.8.2-1ubuntu0.2",
"1.8.3-1ubuntu0.1",
"1.8.3-1ubuntu0.2",
"1.8.3-1ubuntu0.3",
"1.8.3-1ubuntu0.3+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.14.5-0ubuntu1~18.04.3+esm1?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14.5-0ubuntu1~18.04.3+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.12.3-1",
"1.12.4-1",
"1.13.1-1ubuntu1",
"1.13.91-1ubuntu1",
"1.14.0-1ubuntu1",
"1.14.0-2ubuntu1",
"1.14.1-1ubuntu1~ubuntu18.04.1",
"1.14.1-1ubuntu1~ubuntu18.04.2",
"1.14.4-1ubuntu1.1~ubuntu18.04.1",
"1.14.5-0ubuntu1~18.04.1",
"1.14.5-0ubuntu1~18.04.2",
"1.14.5-0ubuntu1~18.04.3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.16.3-0ubuntu1.3"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.16.3-0ubuntu1.3"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.16.3-0ubuntu1.3"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.16.3-0ubuntu1.3"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.16.3-0ubuntu1.3"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.16.3-0ubuntu1.3"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.16.3-0ubuntu1.3"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.16.3-0ubuntu1.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.16.3-0ubuntu1.3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.3-0ubuntu1.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.1-1",
"1.16.2-1",
"1.16.2-2",
"1.16.2-2ubuntu3",
"1.16.2-2ubuntu4",
"1.16.2-4",
"1.16.2-4ubuntu0.1",
"1.16.3-0ubuntu1",
"1.16.3-0ubuntu1.1",
"1.16.3-0ubuntu1.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.20.1-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.20.1-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.20.1-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.20.1-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.20.1-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.20.1-1ubuntu0.2"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.20.1-1ubuntu0.2"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.20.1-1ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.20.1-1ubuntu0.2?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.1-1ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.5-1",
"1.19.90-1",
"1.20.0-1",
"1.20.0-2",
"1.20.1-1",
"1.20.1-1ubuntu0.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.24.2-1ubuntu0.1"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.24.2-1ubuntu0.1"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.24.2-1ubuntu0.1"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.24.2-1ubuntu0.1"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.24.2-1ubuntu0.1"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.24.2-1ubuntu0.1"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.24.2-1ubuntu0.1"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.24.2-1ubuntu0.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.24.2-1ubuntu0.1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.24.2-1ubuntu0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.22.6-1",
"1.22.7-1",
"1.22.8-1",
"1.22.10-1",
"1.24.1-1",
"1.24.1-1build1",
"1.24.2-1"
]
}
],
"aliases": [],
"details": "GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-23896.",
"id": "UBUNTU-CVE-2024-4453",
"modified": "2026-05-20T15:07:26Z",
"published": "2024-05-23T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-4453"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4453"
},
{
"type": "REPORT",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-467/"
},
{
"type": "REPORT",
"url": "https://gitlab.freedesktop.org/tpm/gstreamer/-/commit/e68eccff103ab0e91e6d77a892f57131b33902f5"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6798-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7807-1"
}
],
"related": [
"USN-6798-1",
"USN-7807-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2024-4453"
]
}
ubuntu-cve-2024-47538
Vulnerability from osv_ubuntu
GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the GstAudioInfo info structure. This vulnerability is fixed in 1.24.10.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-0.10",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-alsa",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-gnomevfs",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-plugins-base",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-plugins-base-apps",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-x",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "libgstreamer-plugins-base0.10-0",
"binary_version": "0.10.36-2ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "gst-plugins-base0.10",
"purl": "pkg:deb/ubuntu/gst-plugins-base0.10@0.10.36-2ubuntu0.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.10.36-2",
"0.10.36-2ubuntu0.1",
"0.10.36-2ubuntu0.2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.8.3-1ubuntu0.3+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.3-1ubuntu0.3+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.6.0-1ubuntu1",
"1.6.1-1ubuntu1",
"1.6.2-1ubuntu1",
"1.7.1-1ubuntu1",
"1.7.2-1ubuntu1",
"1.7.90-1ubuntu1",
"1.7.91-1ubuntu1",
"1.8.0-1ubuntu1",
"1.8.1-1ubuntu0.1",
"1.8.2-1ubuntu0.1",
"1.8.2-1ubuntu0.2",
"1.8.3-1ubuntu0.1",
"1.8.3-1ubuntu0.2",
"1.8.3-1ubuntu0.3",
"1.8.3-1ubuntu0.3+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.14.5-0ubuntu1~18.04.3+esm1?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14.5-0ubuntu1~18.04.3+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.12.3-1",
"1.12.4-1",
"1.13.1-1ubuntu1",
"1.13.91-1ubuntu1",
"1.14.0-1ubuntu1",
"1.14.0-2ubuntu1",
"1.14.1-1ubuntu1~ubuntu18.04.1",
"1.14.1-1ubuntu1~ubuntu18.04.2",
"1.14.4-1ubuntu1.1~ubuntu18.04.1",
"1.14.5-0ubuntu1~18.04.1",
"1.14.5-0ubuntu1~18.04.2",
"1.14.5-0ubuntu1~18.04.3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.16.3-0ubuntu1.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.16.3-0ubuntu1.4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.3-0ubuntu1.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.1-1",
"1.16.2-1",
"1.16.2-2",
"1.16.2-2ubuntu3",
"1.16.2-2ubuntu4",
"1.16.2-4",
"1.16.2-4ubuntu0.1",
"1.16.3-0ubuntu1",
"1.16.3-0ubuntu1.1",
"1.16.3-0ubuntu1.2",
"1.16.3-0ubuntu1.3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.20.1-1ubuntu0.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.20.1-1ubuntu0.4?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.1-1ubuntu0.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.5-1",
"1.19.90-1",
"1.20.0-1",
"1.20.0-2",
"1.20.1-1",
"1.20.1-1ubuntu0.1",
"1.20.1-1ubuntu0.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.24.2-1ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.24.2-1ubuntu0.2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.24.2-1ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.22.6-1",
"1.22.7-1",
"1.22.8-1",
"1.22.10-1",
"1.24.1-1",
"1.24.1-1build1",
"1.24.2-1",
"1.24.2-1ubuntu0.1"
]
}
],
"aliases": [],
"details": "GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd-\u003evi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This vulnerability is fixed in 1.24.10.",
"id": "UBUNTU-CVE-2024-47538",
"modified": "2026-05-20T15:12:33Z",
"published": "2024-12-12T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-47538"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47538"
},
{
"type": "REPORT",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0022.html"
},
{
"type": "REPORT",
"url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7175-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7807-1"
}
],
"related": [
"USN-7175-1",
"USN-7807-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2024-47538"
]
}
ubuntu-cve-2024-47541
Vulnerability from osv_ubuntu
GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are enclosed in curly brackets ({}). The issue arises when a closing curly bracket "}" appears before an opening curly bracket "{" in the input string. In this case, memmove() incorrectly duplicates a substring. With each successive loop iteration, the size passed to memmove() becomes progressively larger (strlen(end+1)), leading to a write beyond the allocated memory bounds. This vulnerability is fixed in 1.24.10.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-0.10",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-alsa",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-gnomevfs",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-plugins-base",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-plugins-base-apps",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-x",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "libgstreamer-plugins-base0.10-0",
"binary_version": "0.10.36-2ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "gst-plugins-base0.10",
"purl": "pkg:deb/ubuntu/gst-plugins-base0.10@0.10.36-2ubuntu0.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.10.36-2",
"0.10.36-2ubuntu0.1",
"0.10.36-2ubuntu0.2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.8.3-1ubuntu0.3+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.3-1ubuntu0.3+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.6.0-1ubuntu1",
"1.6.1-1ubuntu1",
"1.6.2-1ubuntu1",
"1.7.1-1ubuntu1",
"1.7.2-1ubuntu1",
"1.7.90-1ubuntu1",
"1.7.91-1ubuntu1",
"1.8.0-1ubuntu1",
"1.8.1-1ubuntu0.1",
"1.8.2-1ubuntu0.1",
"1.8.2-1ubuntu0.2",
"1.8.3-1ubuntu0.1",
"1.8.3-1ubuntu0.2",
"1.8.3-1ubuntu0.3",
"1.8.3-1ubuntu0.3+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.14.5-0ubuntu1~18.04.3+esm1?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14.5-0ubuntu1~18.04.3+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.12.3-1",
"1.12.4-1",
"1.13.1-1ubuntu1",
"1.13.91-1ubuntu1",
"1.14.0-1ubuntu1",
"1.14.0-2ubuntu1",
"1.14.1-1ubuntu1~ubuntu18.04.1",
"1.14.1-1ubuntu1~ubuntu18.04.2",
"1.14.4-1ubuntu1.1~ubuntu18.04.1",
"1.14.5-0ubuntu1~18.04.1",
"1.14.5-0ubuntu1~18.04.2",
"1.14.5-0ubuntu1~18.04.3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.16.3-0ubuntu1.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.16.3-0ubuntu1.4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.3-0ubuntu1.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.1-1",
"1.16.2-1",
"1.16.2-2",
"1.16.2-2ubuntu3",
"1.16.2-2ubuntu4",
"1.16.2-4",
"1.16.2-4ubuntu0.1",
"1.16.3-0ubuntu1",
"1.16.3-0ubuntu1.1",
"1.16.3-0ubuntu1.2",
"1.16.3-0ubuntu1.3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.20.1-1ubuntu0.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.20.1-1ubuntu0.4?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.1-1ubuntu0.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.5-1",
"1.19.90-1",
"1.20.0-1",
"1.20.0-2",
"1.20.1-1",
"1.20.1-1ubuntu0.1",
"1.20.1-1ubuntu0.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.24.2-1ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.24.2-1ubuntu0.2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.24.2-1ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.22.6-1",
"1.22.7-1",
"1.22.8-1",
"1.22.10-1",
"1.24.1-1",
"1.24.1-1build1",
"1.24.2-1",
"1.24.2-1ubuntu0.1"
]
}
],
"aliases": [],
"details": "GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are enclosed in curly brackets ({}). The issue arises when a closing curly bracket \"}\" appears before an opening curly bracket \"{\" in the input string. In this case, memmove() incorrectly duplicates a substring. With each successive loop iteration, the size passed to memmove() becomes progressively larger (strlen(end+1)), leading to a write beyond the allocated memory bounds. This vulnerability is fixed in 1.24.10.",
"id": "UBUNTU-CVE-2024-47541",
"modified": "2026-05-20T15:12:33Z",
"published": "2024-12-12T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-47541"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47541"
},
{
"type": "REPORT",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0023.html"
},
{
"type": "REPORT",
"url": "https://securitylab.github.com/advisories/GHSL-2024-228_GStreamer/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7175-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7807-1"
}
],
"related": [
"USN-7175-1",
"USN-7807-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2024-47541"
]
}
ubuntu-cve-2024-47542
Vulnerability from osv_ubuntu
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-0.10",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-alsa",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-gnomevfs",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-plugins-base",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-plugins-base-apps",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-x",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "libgstreamer-plugins-base0.10-0",
"binary_version": "0.10.36-2ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "gst-plugins-base0.10",
"purl": "pkg:deb/ubuntu/gst-plugins-base0.10@0.10.36-2ubuntu0.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.10.36-2",
"0.10.36-2ubuntu0.1",
"0.10.36-2ubuntu0.2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.8.3-1ubuntu0.3+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.3-1ubuntu0.3+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.6.0-1ubuntu1",
"1.6.1-1ubuntu1",
"1.6.2-1ubuntu1",
"1.7.1-1ubuntu1",
"1.7.2-1ubuntu1",
"1.7.90-1ubuntu1",
"1.7.91-1ubuntu1",
"1.8.0-1ubuntu1",
"1.8.1-1ubuntu0.1",
"1.8.2-1ubuntu0.1",
"1.8.2-1ubuntu0.2",
"1.8.3-1ubuntu0.1",
"1.8.3-1ubuntu0.2",
"1.8.3-1ubuntu0.3",
"1.8.3-1ubuntu0.3+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.14.5-0ubuntu1~18.04.3+esm1?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14.5-0ubuntu1~18.04.3+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.12.3-1",
"1.12.4-1",
"1.13.1-1ubuntu1",
"1.13.91-1ubuntu1",
"1.14.0-1ubuntu1",
"1.14.0-2ubuntu1",
"1.14.1-1ubuntu1~ubuntu18.04.1",
"1.14.1-1ubuntu1~ubuntu18.04.2",
"1.14.4-1ubuntu1.1~ubuntu18.04.1",
"1.14.5-0ubuntu1~18.04.1",
"1.14.5-0ubuntu1~18.04.2",
"1.14.5-0ubuntu1~18.04.3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.16.3-0ubuntu1.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.16.3-0ubuntu1.4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.3-0ubuntu1.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.1-1",
"1.16.2-1",
"1.16.2-2",
"1.16.2-2ubuntu3",
"1.16.2-2ubuntu4",
"1.16.2-4",
"1.16.2-4ubuntu0.1",
"1.16.3-0ubuntu1",
"1.16.3-0ubuntu1.1",
"1.16.3-0ubuntu1.2",
"1.16.3-0ubuntu1.3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.20.1-1ubuntu0.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.20.1-1ubuntu0.4?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.1-1ubuntu0.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.5-1",
"1.19.90-1",
"1.20.0-1",
"1.20.0-2",
"1.20.1-1",
"1.20.1-1ubuntu0.1",
"1.20.1-1ubuntu0.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.24.2-1ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.24.2-1ubuntu0.2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.24.2-1ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.22.6-1",
"1.22.7-1",
"1.22.8-1",
"1.22.10-1",
"1.24.1-1",
"1.24.1-1build1",
"1.24.2-1",
"1.24.2-1ubuntu0.1"
]
}
],
"aliases": [],
"details": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work-\u003ehdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.",
"id": "UBUNTU-CVE-2024-47542",
"modified": "2026-05-20T15:12:33Z",
"published": "2024-12-12T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-47542"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47542"
},
{
"type": "REPORT",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0008.html"
},
{
"type": "REPORT",
"url": "https://securitylab.github.com/advisories/GHSL-2024-235_Gstreamer/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7175-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7807-1"
}
],
"related": [
"USN-7175-1",
"USN-7807-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2024-47542"
]
}
ubuntu-cve-2024-47600
Vulnerability from osv_ubuntu
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-0.10",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-alsa",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-gnomevfs",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-plugins-base",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-plugins-base-apps",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-x",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "libgstreamer-plugins-base0.10-0",
"binary_version": "0.10.36-2ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "gst-plugins-base0.10",
"purl": "pkg:deb/ubuntu/gst-plugins-base0.10@0.10.36-2ubuntu0.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.10.36-2",
"0.10.36-2ubuntu0.1",
"0.10.36-2ubuntu0.2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.14.5-0ubuntu1~18.04.3+esm1?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14.5-0ubuntu1~18.04.3+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.12.3-1",
"1.12.4-1",
"1.13.1-1ubuntu1",
"1.13.91-1ubuntu1",
"1.14.0-1ubuntu1",
"1.14.0-2ubuntu1",
"1.14.1-1ubuntu1~ubuntu18.04.1",
"1.14.1-1ubuntu1~ubuntu18.04.2",
"1.14.4-1ubuntu1.1~ubuntu18.04.1",
"1.14.5-0ubuntu1~18.04.1",
"1.14.5-0ubuntu1~18.04.2",
"1.14.5-0ubuntu1~18.04.3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.16.3-0ubuntu1.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.16.3-0ubuntu1.4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.3-0ubuntu1.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.1-1",
"1.16.2-1",
"1.16.2-2",
"1.16.2-2ubuntu3",
"1.16.2-2ubuntu4",
"1.16.2-4",
"1.16.2-4ubuntu0.1",
"1.16.3-0ubuntu1",
"1.16.3-0ubuntu1.1",
"1.16.3-0ubuntu1.2",
"1.16.3-0ubuntu1.3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.20.1-1ubuntu0.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.20.1-1ubuntu0.4?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.1-1ubuntu0.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.5-1",
"1.19.90-1",
"1.20.0-1",
"1.20.0-2",
"1.20.1-1",
"1.20.1-1ubuntu0.1",
"1.20.1-1ubuntu0.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.24.2-1ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.24.2-1ubuntu0.2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.24.2-1ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.22.6-1",
"1.22.7-1",
"1.22.8-1",
"1.22.10-1",
"1.24.1-1",
"1.24.1-1build1",
"1.24.2-1",
"1.24.2-1ubuntu0.1"
]
}
],
"aliases": [],
"details": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value-\u003evalue_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10.",
"id": "UBUNTU-CVE-2024-47600",
"modified": "2026-04-22T07:51:12Z",
"published": "2024-12-12T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-47600"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47600"
},
{
"type": "REPORT",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0018.html"
},
{
"type": "REPORT",
"url": "https://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7175-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7807-1"
}
],
"related": [
"USN-7175-1",
"USN-7807-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2024-47600"
]
}
ubuntu-cve-2024-47607
Vulnerability from osv_ubuntu
GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows to overwrite the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-0.10",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-alsa",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-gnomevfs",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-plugins-base",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-plugins-base-apps",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-x",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "libgstreamer-plugins-base0.10-0",
"binary_version": "0.10.36-2ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "gst-plugins-base0.10",
"purl": "pkg:deb/ubuntu/gst-plugins-base0.10@0.10.36-2ubuntu0.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.10.36-2",
"0.10.36-2ubuntu0.1",
"0.10.36-2ubuntu0.2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.8.3-1ubuntu0.3+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.3-1ubuntu0.3+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.6.0-1ubuntu1",
"1.6.1-1ubuntu1",
"1.6.2-1ubuntu1",
"1.7.1-1ubuntu1",
"1.7.2-1ubuntu1",
"1.7.90-1ubuntu1",
"1.7.91-1ubuntu1",
"1.8.0-1ubuntu1",
"1.8.1-1ubuntu0.1",
"1.8.2-1ubuntu0.1",
"1.8.2-1ubuntu0.2",
"1.8.3-1ubuntu0.1",
"1.8.3-1ubuntu0.2",
"1.8.3-1ubuntu0.3",
"1.8.3-1ubuntu0.3+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.14.5-0ubuntu1~18.04.3+esm1?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14.5-0ubuntu1~18.04.3+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.12.3-1",
"1.12.4-1",
"1.13.1-1ubuntu1",
"1.13.91-1ubuntu1",
"1.14.0-1ubuntu1",
"1.14.0-2ubuntu1",
"1.14.1-1ubuntu1~ubuntu18.04.1",
"1.14.1-1ubuntu1~ubuntu18.04.2",
"1.14.4-1ubuntu1.1~ubuntu18.04.1",
"1.14.5-0ubuntu1~18.04.1",
"1.14.5-0ubuntu1~18.04.2",
"1.14.5-0ubuntu1~18.04.3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.16.3-0ubuntu1.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.16.3-0ubuntu1.4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.3-0ubuntu1.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.1-1",
"1.16.2-1",
"1.16.2-2",
"1.16.2-2ubuntu3",
"1.16.2-2ubuntu4",
"1.16.2-4",
"1.16.2-4ubuntu0.1",
"1.16.3-0ubuntu1",
"1.16.3-0ubuntu1.1",
"1.16.3-0ubuntu1.2",
"1.16.3-0ubuntu1.3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.20.1-1ubuntu0.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.20.1-1ubuntu0.4?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.1-1ubuntu0.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.5-1",
"1.19.90-1",
"1.20.0-1",
"1.20.0-2",
"1.20.1-1",
"1.20.1-1ubuntu0.1",
"1.20.1-1ubuntu0.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.24.2-1ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.24.2-1ubuntu0.2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.24.2-1ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.22.6-1",
"1.22.7-1",
"1.22.8-1",
"1.22.10-1",
"1.24.1-1",
"1.24.1-1build1",
"1.24.2-1",
"1.24.2-1ubuntu0.1"
]
}
],
"aliases": [],
"details": "GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c\u0027. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows to overwrite the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10.",
"id": "UBUNTU-CVE-2024-47607",
"modified": "2026-05-20T15:12:33Z",
"published": "2024-12-12T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-47607"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47607"
},
{
"type": "REPORT",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0024.html"
},
{
"type": "REPORT",
"url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7175-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7807-1"
}
],
"related": [
"USN-7175-1",
"USN-7807-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2024-47607"
]
}
ubuntu-cve-2024-47615
Vulnerability from osv_ubuntu
GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-0.10",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-alsa",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-gnomevfs",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-plugins-base",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-plugins-base-apps",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-x",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "libgstreamer-plugins-base0.10-0",
"binary_version": "0.10.36-2ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "gst-plugins-base0.10",
"purl": "pkg:deb/ubuntu/gst-plugins-base0.10@0.10.36-2ubuntu0.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.10.36-2",
"0.10.36-2ubuntu0.1",
"0.10.36-2ubuntu0.2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.8.3-1ubuntu0.3+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.3-1ubuntu0.3+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.6.0-1ubuntu1",
"1.6.1-1ubuntu1",
"1.6.2-1ubuntu1",
"1.7.1-1ubuntu1",
"1.7.2-1ubuntu1",
"1.7.90-1ubuntu1",
"1.7.91-1ubuntu1",
"1.8.0-1ubuntu1",
"1.8.1-1ubuntu0.1",
"1.8.2-1ubuntu0.1",
"1.8.2-1ubuntu0.2",
"1.8.3-1ubuntu0.1",
"1.8.3-1ubuntu0.2",
"1.8.3-1ubuntu0.3",
"1.8.3-1ubuntu0.3+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.14.5-0ubuntu1~18.04.3+esm1?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14.5-0ubuntu1~18.04.3+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.12.3-1",
"1.12.4-1",
"1.13.1-1ubuntu1",
"1.13.91-1ubuntu1",
"1.14.0-1ubuntu1",
"1.14.0-2ubuntu1",
"1.14.1-1ubuntu1~ubuntu18.04.1",
"1.14.1-1ubuntu1~ubuntu18.04.2",
"1.14.4-1ubuntu1.1~ubuntu18.04.1",
"1.14.5-0ubuntu1~18.04.1",
"1.14.5-0ubuntu1~18.04.2",
"1.14.5-0ubuntu1~18.04.3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.16.3-0ubuntu1.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.16.3-0ubuntu1.4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.3-0ubuntu1.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.1-1",
"1.16.2-1",
"1.16.2-2",
"1.16.2-2ubuntu3",
"1.16.2-2ubuntu4",
"1.16.2-4",
"1.16.2-4ubuntu0.1",
"1.16.3-0ubuntu1",
"1.16.3-0ubuntu1.1",
"1.16.3-0ubuntu1.2",
"1.16.3-0ubuntu1.3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.20.1-1ubuntu0.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.20.1-1ubuntu0.4?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.1-1ubuntu0.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.5-1",
"1.19.90-1",
"1.20.0-1",
"1.20.0-2",
"1.20.1-1",
"1.20.1-1ubuntu0.1",
"1.20.1-1ubuntu0.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.24.2-1ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.24.2-1ubuntu0.2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.24.2-1ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.22.6-1",
"1.22.7-1",
"1.22.8-1",
"1.22.10-1",
"1.24.1-1",
"1.24.1-1build1",
"1.24.2-1",
"1.24.2-1ubuntu0.1"
]
}
],
"aliases": [],
"details": "GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad-\u003evorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad-\u003evorbis_mode_sizes array. This vulnerability is fixed in 1.24.10.",
"id": "UBUNTU-CVE-2024-47615",
"modified": "2026-05-20T15:12:34Z",
"published": "2024-12-12T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-47615"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47615"
},
{
"type": "REPORT",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0026.html"
},
{
"type": "REPORT",
"url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7175-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7807-1"
}
],
"related": [
"USN-7175-1",
"USN-7807-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2024-47615"
]
}
ubuntu-cve-2024-47835
Vulnerability from osv_ubuntu
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer returned by this call is then passed to g_strdup(). However, if the string line does not contain the character ']', strchr() returns NULL, and a call to g_strdup(start + 1) leads to a null pointer dereference. This vulnerability is fixed in 1.24.10.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-0.10",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-alsa",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-gnomevfs",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-plugins-base",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-plugins-base-apps",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "gstreamer0.10-x",
"binary_version": "0.10.36-2ubuntu0.2"
},
{
"binary_name": "libgstreamer-plugins-base0.10-0",
"binary_version": "0.10.36-2ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "gst-plugins-base0.10",
"purl": "pkg:deb/ubuntu/gst-plugins-base0.10@0.10.36-2ubuntu0.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.10.36-2",
"0.10.36-2ubuntu0.1",
"0.10.36-2ubuntu0.2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.8.3-1ubuntu0.3+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.8.3-1ubuntu0.3+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.3-1ubuntu0.3+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.6.0-1ubuntu1",
"1.6.1-1ubuntu1",
"1.6.2-1ubuntu1",
"1.7.1-1ubuntu1",
"1.7.2-1ubuntu1",
"1.7.90-1ubuntu1",
"1.7.91-1ubuntu1",
"1.8.0-1ubuntu1",
"1.8.1-1ubuntu0.1",
"1.8.2-1ubuntu0.1",
"1.8.2-1ubuntu0.2",
"1.8.3-1ubuntu0.1",
"1.8.3-1ubuntu0.2",
"1.8.3-1ubuntu0.3",
"1.8.3-1ubuntu0.3+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.14.5-0ubuntu1~18.04.3+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.14.5-0ubuntu1~18.04.3+esm1?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14.5-0ubuntu1~18.04.3+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.12.3-1",
"1.12.4-1",
"1.13.1-1ubuntu1",
"1.13.91-1ubuntu1",
"1.14.0-1ubuntu1",
"1.14.0-2ubuntu1",
"1.14.1-1ubuntu1~ubuntu18.04.1",
"1.14.1-1ubuntu1~ubuntu18.04.2",
"1.14.4-1ubuntu1.1~ubuntu18.04.1",
"1.14.5-0ubuntu1~18.04.1",
"1.14.5-0ubuntu1~18.04.2",
"1.14.5-0ubuntu1~18.04.3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.16.3-0ubuntu1.4"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.16.3-0ubuntu1.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.16.3-0ubuntu1.4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.3-0ubuntu1.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.1-1",
"1.16.2-1",
"1.16.2-2",
"1.16.2-2ubuntu3",
"1.16.2-2ubuntu4",
"1.16.2-4",
"1.16.2-4ubuntu0.1",
"1.16.3-0ubuntu1",
"1.16.3-0ubuntu1.1",
"1.16.3-0ubuntu1.2",
"1.16.3-0ubuntu1.3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.20.1-1ubuntu0.4"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.20.1-1ubuntu0.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.20.1-1ubuntu0.4?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.1-1ubuntu0.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.5-1",
"1.19.90-1",
"1.20.0-1",
"1.20.0-2",
"1.20.1-1",
"1.20.1-1ubuntu0.1",
"1.20.1-1ubuntu0.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "gir1.2-gst-plugins-base-1.0",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-alsa",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-gl",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-plugins-base",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-plugins-base-apps",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "gstreamer1.0-x",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "libgstreamer-gl1.0-0",
"binary_version": "1.24.2-1ubuntu0.2"
},
{
"binary_name": "libgstreamer-plugins-base1.0-0",
"binary_version": "1.24.2-1ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "gst-plugins-base1.0",
"purl": "pkg:deb/ubuntu/gst-plugins-base1.0@1.24.2-1ubuntu0.2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.24.2-1ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.22.6-1",
"1.22.7-1",
"1.22.8-1",
"1.22.10-1",
"1.24.1-1",
"1.24.1-1build1",
"1.24.2-1",
"1.24.2-1ubuntu0.1"
]
}
],
"aliases": [],
"details": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character \u0027]\u0027 in the string line. The pointer returned by this call is then passed to g_strdup(). However, if the string line does not contain the character \u0027]\u0027, strchr() returns NULL, and a call to g_strdup(start + 1) leads to a null pointer dereference. This vulnerability is fixed in 1.24.10.",
"id": "UBUNTU-CVE-2024-47835",
"modified": "2026-05-20T15:12:49Z",
"published": "2024-12-12T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-47835"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47835"
},
{
"type": "REPORT",
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0029.html"
},
{
"type": "REPORT",
"url": "https://securitylab.github.com/advisories/GHSL-2024-263_Gstreamer/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7175-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7807-1"
}
],
"related": [
"USN-7175-1",
"USN-7807-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2024-47835"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.