SUSE-SU-2025:02055-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-202502055-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02055-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2025:02055-1
- Related
- Published
- 2025-06-20T15:35:07Z
- Modified
- 2025-06-21T12:44:28.697165Z
- Upstream
- Summary
- Security update for gstreamer-plugins-good
- Details
-
This update for gstreamer-plugins-good fixes the following issues:
- CVE-2024-47537: Fixed OOB-write in isomp4/qtdemux.c (bsc#1234414)
- CVE-2024-47539: Fixed OOB-write in converttos334_1a (bsc#1234417)
- CVE-2024-47540: Fixed uninitialized stack memory in Matroska/WebM demuxer (bsc#1234421)
- CVE-2024-47543: Fixed OOB-read in qtdemuxparsecontainer (bsc#1234462)
- CVE-2024-47544: Fixed NULL-pointer dereferences in MP4/MOV demuxer CENC handling (bsc#1234473)
- CVE-2024-47545: Fixed integer underflow in FOURCC_strf parsing leading to OOB-read (bsc#1234476)
- CVE-2024-47546: Fixed integer underflow in extractccfrom_data leading to OOB-read (bsc#1234477)
- CVE-2024-47596: Fixed integer underflow in MP4/MOV demuxer that can lead to out-of-bounds reads (bsc#1234424)
- CVE-2024-47597: Fixed OOB-reads in MP4/MOV demuxer sample table parser (bsc#1234425)
- CVE-2024-47599: Fixed insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences (bsc#1234427)
- CVE-2024-47601: Fixed NULL-pointer dereference in Matroska/WebM demuxer (bsc#1234428)
- CVE-2024-47602: Fixed NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer (bsc#1234432)
- CVE-2024-47603: Fixed NULL-pointer dereference in Matroska/WebM demuxer (bsc#1234433)
- CVE-2024-47606: Fixed integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (bsc#1234449)
- CVE-2024-47613: Fixed NULL-pointer dereference in gdk-pixbuf decoder (bsc#1234447)
- CVE-2024-47774: Fixed integer overflow in AVI subtitle parser that leads to out-of-bounds reads (bsc#1234446)
- CVE-2024-47775: Fixed various out-of-bounds reads in WAV parser (bsc#1234434)
- CVE-2024-47776: Fixed various out-of-bounds reads in WAV parser (bsc#1234435)
- CVE-2024-47777: Fixed various out-of-bounds reads in WAV parser (bsc#1234436)
- CVE-2024-47778: Fixed various out-of-bounds reads in WAV parser (bsc#1234439)
- CVE-2024-47834: Fixed a use-after-free in the Matroska demuxer that can cause crashes for certain input files (bsc#1234440)
- References
-
- https://www.suse.com/support/update/announcement/2025/suse-su-202502055-1/
- https://bugzilla.suse.com/1234414
- https://bugzilla.suse.com/1234417
- https://bugzilla.suse.com/1234421
- https://bugzilla.suse.com/1234424
- https://bugzilla.suse.com/1234425
- https://bugzilla.suse.com/1234427
- https://bugzilla.suse.com/1234428
- https://bugzilla.suse.com/1234432
- https://bugzilla.suse.com/1234433
- https://bugzilla.suse.com/1234434
- https://bugzilla.suse.com/1234435
- https://bugzilla.suse.com/1234436
- https://bugzilla.suse.com/1234439
- https://bugzilla.suse.com/1234440
- https://bugzilla.suse.com/1234446
- https://bugzilla.suse.com/1234447
- https://bugzilla.suse.com/1234449
- https://bugzilla.suse.com/1234462
- https://bugzilla.suse.com/1234473
- https://bugzilla.suse.com/1234476
- https://bugzilla.suse.com/1234477
- https://www.suse.com/security/cve/CVE-2024-47537
- https://www.suse.com/security/cve/CVE-2024-47539
- https://www.suse.com/security/cve/CVE-2024-47540
- https://www.suse.com/security/cve/CVE-2024-47543
- https://www.suse.com/security/cve/CVE-2024-47544
- https://www.suse.com/security/cve/CVE-2024-47545
- https://www.suse.com/security/cve/CVE-2024-47546
- https://www.suse.com/security/cve/CVE-2024-47596
- https://www.suse.com/security/cve/CVE-2024-47597
- https://www.suse.com/security/cve/CVE-2024-47599
- https://www.suse.com/security/cve/CVE-2024-47601
- https://www.suse.com/security/cve/CVE-2024-47602
- https://www.suse.com/security/cve/CVE-2024-47603
- https://www.suse.com/security/cve/CVE-2024-47606
- https://www.suse.com/security/cve/CVE-2024-47613
- https://www.suse.com/security/cve/CVE-2024-47774
- https://www.suse.com/security/cve/CVE-2024-47775
- https://www.suse.com/security/cve/CVE-2024-47776
- https://www.suse.com/security/cve/CVE-2024-47777
- https://www.suse.com/security/cve/CVE-2024-47778
- https://www.suse.com/security/cve/CVE-2024-47834
Affected packages
SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS / gstreamer-plugins-good
Package
- Name
- gstreamer-plugins-good
- Purl
- pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS
SUSE:Linux Enterprise Server 15 SP3-LTSS / gstreamer-plugins-good
Package
- Name
- gstreamer-plugins-good
- Purl
- pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS
SUSE:Linux Enterprise Server for SAP Applications 15 SP3 / gstreamer-plugins-good
Package
- Name
- gstreamer-plugins-good
- Purl
- pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3