MGASA-2025-0040
- Source
- https://advisories.mageia.org/MGASA-2025-0040.html
- Import Source
- https://advisories.mageia.org/MGASA-2025-0040.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2025-0040
- Related
- Published
- 2025-02-06T20:01:39Z
- Modified
- 2025-02-06T19:31:07Z
- Summary
- Updated gstreamer1.0, gstreamer1.0-plugins-base & gstreamer1.0-plugins-good packages fix security vulnerabilities
- Details
-
GStreamer has an OOB-write in isomp4/qtdemux.c. (CVE-2024-47537) GStreamer has a stack-buffer overflow in vorbishandleidentificationpacket. (CVE-2024-47538) GStreamer has an OOB-write in converttos3341a. (CVE-2024-47539) GStreamer uses uninitialized stack memory in Matroska/WebM demuxer. (CVE-2024-47540) GStreamer has an out-of-bounds write in SSA subtitle parser. (CVE-2024-47541) GStreamer ID3v2 parser out-of-bounds read and NULL-pointer dereference. (CVE-2024-47542) GStreamer has an OOB-read in qtdemuxparsecontainer. (CVE-2024-47543) GStreamer has NULL-pointer dereferences in MP4/MOV demuxer CENC handling. (CVE-2024-47544) GStreamer has an integer underflow in FOURCCstrf parsing leading to OOB-read. (CVE-2024-47545) GStreamer has an integer underflow in extractccfromdata leading to OOB-read. (CVE-2024-47546) GStreamer has an OOB-read in FOURCCSMI parsing. (CVE-2024-47596) GStreamer has an OOB-read in qtdemuxparsesamples. (CVE-2024-47597) GStreamer has an OOB-read in qtdemuxmergesampletable. (CVE-2024-47598) GStreamer Insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences. (CVE-2024-47599) GStreamer has an OOB-read in formatchannelmask. (CVE-2024-47600) GStreamer has a NULL-pointer dereference in Matroska/WebM demuxer. (CVE-2024-47601) GStreamer NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer. (CVE-2024-47602) GStreamer NULL-pointer dereference in Matroska/WebM demuxer. (CVE-2024-47603) GStreamer Integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes. (CVE-2024-47606) Stack-buffer overflow in gstopusdecparseheader. (CVE-2024-47607) GStreamer has a null pointer dereference in gstgdkpixbufdecflush. (CVE-2024-47613) GStreamer has an out-of-bounds write in Ogg demuxer. (CVE-2024-47615) GStreamer has an OOB-read in gstavisubtitleparsegab2chunk. (CVE-2024-47774) GStreamer has an OOB-read in parseds64. (CVE-2024-47775) GStreamer has a OOB-read in gstwavparsecuechunk. (CVE-2024-47776) GStreamer has an OOB-read in gstwavparsesmplchunk. (CVE-2024-47777) GStreamer has an OOB-read in gstwavparseadtlchunk. (CVE-2024-47778) Gstreamer Use-After-Free read in Matroska CodecPrivate. (CVE-2024-47834) Gstreamer NULL-pointer dereference in LRC subtitle parser. (CVE-2024-47835)
- References
-
- https://advisories.mageia.org/MGASA-2025-0040.html
- https://bugs.mageia.org/show_bug.cgi?id=33856
- https://www.openwall.com/lists/oss-security/2024/12/13/1
- https://lists.debian.org/debian-security-announce/2024/msg00247.html
- https://lists.debian.org/debian-security-announce/2024/msg00248.html
- https://lists.debian.org/debian-security-announce/2024/msg00254.html
- https://ubuntu.com/security/notices/USN-7174-1
- https://ubuntu.com/security/notices/USN-7176-1
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:9 / gstreamer1.0
Package
- Name
- gstreamer1.0
- Purl
- pkg:rpm/mageia/gstreamer1.0?distro=mageia-9
Mageia:9 / gstreamer1.0-plugins-base
Package
- Name
- gstreamer1.0-plugins-base
- Purl
- pkg:rpm/mageia/gstreamer1.0-plugins-base?distro=mageia-9
Mageia:9 / gstreamer1.0-plugins-good
Package
- Name
- gstreamer1.0-plugins-good
- Purl
- pkg:rpm/mageia/gstreamer1.0-plugins-good?distro=mageia-9