ALSA-2025:7243

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-base packages contain a collection of well-maintained base plug-ins.

Security Fix(es):

• gstreamer1-plugins-base: ID3v2 parser out-of-bounds read and NULL-pointer dereference (CVE-2024-47542)
• gstreamer1-plugins-base: GStreamer has an out-of-bounds write in SSA subtitle parser (CVE-2024-47541)
• gstreamer1-plugins-base: GStreamer has an OOB-read in formatchannelmask (CVE-2024-47600)
• gstreamer1-plugins-base: NULL-pointer dereference in LRC subtitle parser (CVE-2024-47835)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinuxRelease Notes linked from the References section.