RLSA-2024:11299
- Source
- https://errata.rockylinux.org/RLSA-2024:11299
- Import Source
- https://storage.googleapis.com/resf-osv-data/RLSA-2024:11299.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/RLSA-2024:11299
- Related
- Published
- 2024-12-19T04:18:05.672002Z
- Modified
- 2024-12-19T04:21:00.563676Z
- Summary
- Important: gstreamer1-plugins-good security update
- Details
-
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.
Security Fix(es):
gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)
gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)
gstreamer1-plugins-good: OOB-write in converttos334_1a (CVE-2024-47539)
gstreamer1-plugins-good: null pointer dereference in gstgdkpixbufdecflush (CVE-2024-47613)
gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- References
-
- https://errata.rockylinux.org/RLSA-2024:11299
- https://bugzilla.redhat.com/show_bug.cgi?id=2331719
- https://bugzilla.redhat.com/show_bug.cgi?id=2331722
- https://bugzilla.redhat.com/show_bug.cgi?id=2331726
- https://bugzilla.redhat.com/show_bug.cgi?id=2331753
- https://bugzilla.redhat.com/show_bug.cgi?id=2331760
- Credits
-
-
- Rocky Enterprise Software Foundation
-
- Red Hat
-
Affected packages
Rocky Linux:8 / gstreamer1-plugins-good
Package
- Name
- gstreamer1-plugins-good
- Purl
- pkg:rpm/rocky-linux/gstreamer1-plugins-good?distro=rocky-linux-8&epoch=0