SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-65

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-65

Security update for gstreamer-plugins-base

Type: security

Severity: important

Issued: 2025-01-10

Description:

This update for gstreamer-plugins-base fixes the following issues:

- CVE-2024-47538: Fixed a stack-buffer overflow in vorbis_handle_identification_packet. (bsc#1234415)
- CVE-2024-47835: Fixed a NULL-pointer dereference in LRC subtitle parser. (bsc#1234450)
- CVE-2024-47600: Fixed an out-of-bounds read in gst-discoverer-1.0 commandline tool. (bsc#1234453)
- CVE-2024-47615: Fixed an out-of-bounds write in Ogg demuxer. (bsc#1234456)
- CVE-2024-47541: Fixed an out-of-bounds write in SSA subtitle parser. (bsc#1234459)
- CVE-2024-47542: Fixed an ID3v2 parser out-of-bounds read and NULL-pointer dereference. (bsc#1234460)
- CVE-2024-47607: Fixed a stack buffer-overflow in Opus decoder. (bsc#1234455)

References

CVE: CVE-2024-47835
CVE: CVE-2024-47615
CVE: CVE-2024-47607
CVE: CVE-2024-47600
CVE: CVE-2024-47542
CVE: CVE-2024-47541
CVE: CVE-2024-47538
Bugzilla: 1234460 VUL-0: CVE-2024-47542: gstreamer-plugins-base: ID3v2 parser out-of-bounds read and NULL-pointer dereference
Bugzilla: 1234459 VUL-0: CVE-2024-47541: gstreamer-plugins-base: GStreamer has an out-of-bounds write in SSA subtitle parser
Bugzilla: 1234456 VUL-0: CVE-2024-47615: gstreamer-plugins-base: Out-of-bounds write in Ogg demuxer
Bugzilla: 1234455 VUL-0: CVE-2024-47607: gstreamer-plugins-base: Stack buffer-overflow in Opus decoder
Bugzilla: 1234453 VUL-0: CVE-2024-47600: gstreamer-plugins-base: Out-of-bounds read in gst-discoverer-1.0 commandline tool
Bugzilla: 1234450 VUL-0: CVE-2024-47835: gstreamer-plugins-base: NULL-pointer dereference in LRC subtitle parser
Bugzilla: 1234415 VUL-0: CVE-2024-47538: gstreamer-plugins-base: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet

Packages

gstreamer-plugins-base-1.24.0-150600.3.8.1