{"id":"MGASA-2025-0040","summary":"Updated gstreamer1.0, gstreamer1.0-plugins-base & gstreamer1.0-plugins-good packages fix security vulnerabilities","details":"GStreamer has an OOB-write in isomp4/qtdemux.c. (CVE-2024-47537)\nGStreamer has a stack-buffer overflow in\nvorbis_handle_identification_packet. (CVE-2024-47538)\nGStreamer has an OOB-write in convert_to_s334_1a. (CVE-2024-47539)\nGStreamer uses uninitialized stack memory in Matroska/WebM demuxer.\n(CVE-2024-47540)\nGStreamer has an out-of-bounds write in SSA subtitle parser.\n(CVE-2024-47541)\nGStreamer ID3v2 parser out-of-bounds read and NULL-pointer dereference.\n(CVE-2024-47542)\nGStreamer has an OOB-read in qtdemux_parse_container. (CVE-2024-47543)\nGStreamer has NULL-pointer dereferences in MP4/MOV demuxer CENC\nhandling. (CVE-2024-47544)\nGStreamer has an integer underflow in FOURCC_strf parsing leading to\nOOB-read. (CVE-2024-47545)\nGStreamer has an integer underflow in extract_cc_from_data leading to\nOOB-read. (CVE-2024-47546)\nGStreamer has an OOB-read in FOURCC_SMI_ parsing. (CVE-2024-47596)\nGStreamer has an OOB-read in qtdemux_parse_samples. (CVE-2024-47597)\nGStreamer has an OOB-read in qtdemux_merge_sample_table.\n(CVE-2024-47598)\nGStreamer Insufficient error handling in JPEG decoder that can lead to\nNULL-pointer dereferences. (CVE-2024-47599)\nGStreamer has an OOB-read in format_channel_mask. (CVE-2024-47600)\nGStreamer has a NULL-pointer dereference in Matroska/WebM demuxer.\n(CVE-2024-47601)\nGStreamer NULL-pointer dereferences and out-of-bounds reads in\nMatroska/WebM demuxer. (CVE-2024-47602)\nGStreamer NULL-pointer dereference in Matroska/WebM demuxer.\n(CVE-2024-47603)\nGStreamer Integer overflows in MP4/MOV demuxer and memory allocator that\ncan lead to out-of-bounds writes. (CVE-2024-47606)\nStack-buffer overflow in gst_opus_dec_parse_header. 
(CVE-2024-47607)\nGStreamer has a null pointer dereference in gst_gdk_pixbuf_dec_flush.\n(CVE-2024-47613)\nGStreamer has an out-of-bounds write in Ogg demuxer. (CVE-2024-47615)\nGStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk.\n(CVE-2024-47774)\nGStreamer has an OOB-read in parse_ds64. (CVE-2024-47775)\nGStreamer has an OOB-read in gst_wavparse_cue_chunk. (CVE-2024-47776)\nGStreamer has an OOB-read in gst_wavparse_smpl_chunk. (CVE-2024-47777)\nGStreamer has an OOB-read in gst_wavparse_adtl_chunk. (CVE-2024-47778)\nGStreamer Use-After-Free read in Matroska CodecPrivate. (CVE-2024-47834)\nGStreamer NULL-pointer dereference in LRC subtitle parser.\n(CVE-2024-47835)\n","modified":"2026-03-25T17:59:14.584322Z","published":"2025-02-06T20:01:39Z","related":["CVE-2024-47537","CVE-2024-47538","CVE-2024-47539","CVE-2024-47540","CVE-2024-47541","CVE-2024-47542","CVE-2024-47543","CVE-2024-47544","CVE-2024-47545","CVE-2024-47546","CVE-2024-47596","CVE-2024-47597","CVE-2024-47598","CVE-2024-47599","CVE-2024-47600","CVE-2024-47601","CVE-2024-47602","CVE-2024-47603","CVE-2024-47613","CVE-2024-47774","CVE-2024-47835"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0040.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33856"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2024/12/13/1"},{"type":"REPORT","url":"https://lists.debian.org/debian-security-announce/2024/msg00247.html"},{"type":"REPORT","url":"https://lists.debian.org/debian-security-announce/2024/msg00248.html"},{"type":"REPORT","url":"https://lists.debian.org/debian-security-announce/2024/msg00254.html"},{"type":"REPORT","url":"https://ubuntu.com/security/notices/USN-7174-1"},{"type":"REPORT","url":"https://ubuntu.com/security/notices/USN-7174-1"},{"type":"REPORT","url":"https://ubuntu.com/security/notices/USN-7176-1"}],"affected":[{"package":{"name":"gstreamer1.0","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/gstreamer1.0?arch=sour
ce&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.22.11-1.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0040.json"}},{"package":{"name":"gstreamer1.0-plugins-base","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/gstreamer1.0-plugins-base?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.22.11-1.2.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0040.json"}},{"package":{"name":"gstreamer1.0-plugins-good","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/gstreamer1.0-plugins-good?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.22.11-1.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0040.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}