Mageia 9 MGASA-2025-0040 critical: GStreamer memory issues

Mageia, February 6, 2025
New versions of gstreamer1.0 along with its plugins have been released to address severe security vulnerabilities, specifically concerning out-of-bounds writes and memory management issues.

Summary

- GStreamer has an OOB-write in isomp4/qtdemux.c. (CVE-2024-47537)

- GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet. (CVE-2024-47538)

- GStreamer has an OOB-write in convert_to_s334_1a. (CVE-2024-47539)

- GStreamer uses uninitialized stack memory in Matroska/WebM demuxer. (CVE-2024-47540)

- GStreamer has an out-of-bounds write in SSA subtitle parser. (CVE-2024-47541)

- GStreamer ID3v2 parser out-of-bounds read and NULL-pointer dereference. (CVE-2024-47542)

- GStreamer has an OOB-read in qtdemux_parse_container. (CVE-2024-47543)

- GStreamer has NULL-pointer dereferences in MP4/MOV demuxer CENC handling. (CVE-2024-47544)

- GStreamer has an integer underflow in FOURCC_strf parsing leading to OOB-read. (CVE-2024-47545)

- GStreamer has an integer underflow in extract_cc_from_data leading to OOB-read. (CVE-2024-47546)

- GStreamer has an OOB-read in FOURCC_SMI_ parsing. (CVE-2024-47596)

- GStreamer has an OOB-read in qtdemux_parse_samples. (CVE-2024-47597)

- GStreamer has an OOB-read i...

References

- https://bugs.mageia.org/show_bug.cgi?id=33856

- https://www.openwall.com/lists/oss-security/2024/12/13/1

- https://lists.debian.org/debian-security-announce/2024/msg00247.html

- https://lists.debian.org/debian-security-announce/2024/msg00248.html

- https://lists.debian.org/debian-security-announce/2024/msg00254.html

- https://ubuntu.com/security/notices/USN-7174-1

- https://ubuntu.com/security/notices/USN-7176-1

- https://www.cve.org/CVERecord?id=CVE-2024-47537

- https://www.cve.org/CVERecord?id=CVE-2024-47538

- https://www.cve.org/CVERecord?id=CVE-2024-47539

- https://www.cve.org/CVERecord?id=CVE-2024-47540

- https://www.cve.org/CVERecord?id=CVE-2024-47541

- https://www.cve.org/CVERecord?id=CVE-2024-47542

- https://www.cve.org/CVERecord?id=CVE-2024-47543

- https://www.cve.org/CVERecord?id=CVE-2024-47544

- https://www.cve.org/CVERecord?id=CVE-2024-47545

- https://www.cve.org/CVERecord?id=CVE-2024-47546

- https://www.cve.org/CVERecord?id=CVE-2024-47596

- https://www.cve.org/CVERecord?id=CVE-2024-47597

- https://www.cve.org/CVERecord?id=CVE-2024-47598

- https://www.cve.org/CVERecord?id=CVE-2024-47599

- https://www.cve.org/CVERecord?id=CVE-2024-47600

- https://www.cve.org/CVERecord?id=CVE-2024-47601

- https://www.cve.org/CVERecord?id=CVE-2024-47602

Resolution

SRPMS

- 9/core/gstreamer1.0-1.22.11-1.1.mga9

- 9/core/gstreamer1.0-plugins-base-1.22.11-1.2.mga9

- 9/core/gstreamer1.0-plugins-good-1.22.11-1.1.mga9

Severity
critical

Publication date: 06 Feb 2025
URL: https://advisories.mageia.org/MGASA-2025-0040.html
Type: security
CVE: CVE-2024-47537, CVE-2024-47538, CVE-2024-47539, CVE-2024-47540, CVE-2024-47541, CVE-2024-47542, CVE-2024-47543, CVE-2024-47544, CVE-2024-47545, CVE-2024-47546, CVE-2024-47596, CVE-2024-47597, CVE-2024-47598, CVE-2024-47599, CVE-2024-47600, CVE-2024-47601, CVE-2024-47602
