RLSA-2025:7242
- Source
- https://errata.rockylinux.org/RLSA-2025:7242
- Import Source
- https://storage.googleapis.com/resf-osv-data/RLSA-2025:7242.json
- JSON Data
- https://api.osv.dev/v1/vulns/RLSA-2025:7242
- Upstream
- Published
- 2025-10-04T00:11:30.916420Z
- Modified
- 2025-10-07T17:39:26.667701Z
- Severity
-
- 6.2 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Moderate: gstreamer1-plugins-good security update
- Details
-
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.
Security Fix(es):
gstreamer1-plugins-good: OOB-read in qtdemuxparsecontainer (CVE-2024-47543)
gstreamer1-plugins-good: GStreamer has an OOB-read in gstavisubtitleparsegab2_chunk (CVE-2024-47774)
gstreamer1-plugins-good: OOB-read in gstwavparsesmpl_chunk (CVE-2024-47777)
gstreamer1-plugins-good: OOB-read in gstwavparseadtl_chunk (CVE-2024-47778)
gstreamer1-plugins-good: OOB-read in parse_ds64 (CVE-2024-47775)
gstreamer1-plugins-good: OOB-read in FOURCCSMI parsing (CVE-2024-47596)
gstreamer1-plugins-good: insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences (CVE-2024-47599)
gstreamer1-plugins-good: Use-After-Free read in Matroska CodecPrivate (CVE-2024-47834)
gstreamer1-plugins-good: OOB-read in gstwavparsecue_chunk (CVE-2024-47776)
gstreamer1-plugins-good: NULL-pointer dereferences in MP4/MOV demuxer CENC handling (CVE-2024-47544)
gstreamer1-plugins-good: NULL-pointer dereference in Matroska/WebM demuxer (CVE-2024-47601)
gstreamer1-plugins-good: OOB-read in qtdemuxparsesamples (CVE-2024-47597)
gstreamer1-plugins-good: integer underflow in extractccfrom_data leading to OOB-read (CVE-2024-47546)
gstreamer1-plugins-good: NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer (CVE-2024-47602)
gstreamer1-plugins-good: OOB-read in qtdemuxmergesample_table (CVE-2024-47598)
gstreamer1-plugins-good: NULL-pointer dereference in Matroska/WebM demuxer (CVE-2024-47603)
gstreamer1-plugins-good: integer underflow in FOURCC_strf parsing leading to OOB-read (CVE-2024-47545)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 9 Release Notes linked from the References section.
- References
-
- https://errata.rockylinux.org/RLSA-2025:7242
- https://bugzilla.redhat.com/show_bug.cgi?id=2331723
- https://bugzilla.redhat.com/show_bug.cgi?id=2331739
- https://bugzilla.redhat.com/show_bug.cgi?id=2331741
- https://bugzilla.redhat.com/show_bug.cgi?id=2331743
- https://bugzilla.redhat.com/show_bug.cgi?id=2331744
- https://bugzilla.redhat.com/show_bug.cgi?id=2331747
- https://bugzilla.redhat.com/show_bug.cgi?id=2331748
- https://bugzilla.redhat.com/show_bug.cgi?id=2331749
- https://bugzilla.redhat.com/show_bug.cgi?id=2331750
- https://bugzilla.redhat.com/show_bug.cgi?id=2331751
- https://bugzilla.redhat.com/show_bug.cgi?id=2331752
- https://bugzilla.redhat.com/show_bug.cgi?id=2331755
- https://bugzilla.redhat.com/show_bug.cgi?id=2331756
- https://bugzilla.redhat.com/show_bug.cgi?id=2331759
- https://bugzilla.redhat.com/show_bug.cgi?id=2331761
- https://bugzilla.redhat.com/show_bug.cgi?id=2331762
- https://bugzilla.redhat.com/show_bug.cgi?id=2331763
- Credits
-
-
- Rocky Enterprise Software Foundation
-
- Red Hat
-
Affected packages
Rocky Linux:9 / gstreamer1-plugins-good
Package
- Name
- gstreamer1-plugins-good
- Purl
- pkg:rpm/rocky-linux/gstreamer1-plugins-good?distro=rocky-linux-9-6&epoch=0