ALSA-2025:7242
- Source
- https://errata.almalinux.org/9/ALSA-2025-7242.html
- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2025:7242.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/ALSA-2025:7242
- Related
- Published
- 2025-05-13T00:00:00Z
- Modified
- 2025-07-02T13:13:21Z
- Summary
- Moderate: gstreamer1-plugins-good security update
- Details
-
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.
Security Fix(es):
- gstreamer1-plugins-good: OOB-read in qtdemuxparsecontainer (CVE-2024-47543)
- gstreamer1-plugins-good: GStreamer has an OOB-read in gstavisubtitleparsegab2_chunk (CVE-2024-47774)
- gstreamer1-plugins-good: OOB-read in gstwavparsesmpl_chunk (CVE-2024-47777)
- gstreamer1-plugins-good: OOB-read in gstwavparseadtl_chunk (CVE-2024-47778)
- gstreamer1-plugins-good: OOB-read in parse_ds64 (CVE-2024-47775)
- gstreamer1-plugins-good: OOB-read in FOURCCSMI parsing (CVE-2024-47596)
- gstreamer1-plugins-good: insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences (CVE-2024-47599)
- gstreamer1-plugins-good: Use-After-Free read in Matroska CodecPrivate (CVE-2024-47834)
- gstreamer1-plugins-good: OOB-read in gstwavparsecue_chunk (CVE-2024-47776)
- gstreamer1-plugins-good: NULL-pointer dereferences in MP4/MOV demuxer CENC handling (CVE-2024-47544)
- gstreamer1-plugins-good: NULL-pointer dereference in Matroska/WebM demuxer (CVE-2024-47601)
- gstreamer1-plugins-good: OOB-read in qtdemuxparsesamples (CVE-2024-47597)
- gstreamer1-plugins-good: integer underflow in extractccfrom_data leading to OOB-read (CVE-2024-47546)
- gstreamer1-plugins-good: NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer (CVE-2024-47602)
- gstreamer1-plugins-good: OOB-read in qtdemuxmergesample_table (CVE-2024-47598)
- gstreamer1-plugins-good: NULL-pointer dereference in Matroska/WebM demuxer (CVE-2024-47603)
- gstreamer1-plugins-good: integer underflow in FOURCC_strf parsing leading to OOB-read (CVE-2024-47545)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinuxRelease Notes linked from the References section.
- References
-
- https://access.redhat.com/errata/RHSA-2025:7242
- https://access.redhat.com/security/cve/CVE-2024-47543
- https://access.redhat.com/security/cve/CVE-2024-47544
- https://access.redhat.com/security/cve/CVE-2024-47545
- https://access.redhat.com/security/cve/CVE-2024-47546
- https://access.redhat.com/security/cve/CVE-2024-47596
- https://access.redhat.com/security/cve/CVE-2024-47597
- https://access.redhat.com/security/cve/CVE-2024-47598
- https://access.redhat.com/security/cve/CVE-2024-47599
- https://access.redhat.com/security/cve/CVE-2024-47601
- https://access.redhat.com/security/cve/CVE-2024-47602
- https://access.redhat.com/security/cve/CVE-2024-47603
- https://access.redhat.com/security/cve/CVE-2024-47774
- https://access.redhat.com/security/cve/CVE-2024-47775
- https://access.redhat.com/security/cve/CVE-2024-47776
- https://access.redhat.com/security/cve/CVE-2024-47777
- https://access.redhat.com/security/cve/CVE-2024-47778
- https://access.redhat.com/security/cve/CVE-2024-47834
- https://bugzilla.redhat.com/2331723
- https://bugzilla.redhat.com/2331739
- https://bugzilla.redhat.com/2331741
- https://bugzilla.redhat.com/2331743
- https://bugzilla.redhat.com/2331744
- https://bugzilla.redhat.com/2331747
- https://bugzilla.redhat.com/2331748
- https://bugzilla.redhat.com/2331749
- https://bugzilla.redhat.com/2331750
- https://bugzilla.redhat.com/2331751
- https://bugzilla.redhat.com/2331752
- https://bugzilla.redhat.com/2331755
- https://bugzilla.redhat.com/2331756
- https://bugzilla.redhat.com/2331759
- https://bugzilla.redhat.com/2331761
- https://bugzilla.redhat.com/2331762
- https://bugzilla.redhat.com/2331763
- https://errata.almalinux.org/9/ALSA-2025-7242.html
Affected packages
AlmaLinux:9 / gstreamer1-plugins-good
Package
- Name
- gstreamer1-plugins-good
- Purl
- pkg:rpm/almalinux/gstreamer1-plugins-good