SUSE-SU-2023:3688-1
- Source
- https://www.suse.com/support/update/announcement/2023/suse-su-20233688-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:3688-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2023:3688-1
- Upstream
- Related
- Published
- 2023-09-19T15:40:17Z
- Modified
- 2025-05-08T17:29:16.782394Z
- Summary
- Security update for gstreamer-plugins-good
- Details
-
This update for gstreamer-plugins-good fixes the following issues:
- CVE-2021-3497: Matroskademux: Fix extraction of multichannel WavPack (bsc#1184739).
- CVE-2022-1920: Fixed integer overflow in WavPack header handling code (bsc#1201688).
- CVE-2022-1921: Fixed integer overflow resulting in heap corruption in avidemux element (bsc#1201693).
- CVE-2022-1922: Fixed integer overflows in mkv demuxing (bsc#1201702).
- CVE-2022-1923: Fixed integer overflows in mkv demuxing using bzip (bsc#1201704).
- CVE-2022-1924: Fixed integer overflows in mkv demuxing using lzo (bsc#1201706).
- CVE-2022-1925: Fixed integer overflows in mkv demuxing using HEADERSTRIP (bsc#1201707).
- CVE-2022-2122: Fixed integer overflows in qtdemux using zlib (bsc#1201708).
- CVE-2023-37327: Fixed GStreamer FLAC File Parsing Integer Overflow (bsc#1213128).
- References
-
- https://www.suse.com/support/update/announcement/2023/suse-su-20233688-1/
- https://bugzilla.suse.com/1184739
- https://bugzilla.suse.com/1201688
- https://bugzilla.suse.com/1201693
- https://bugzilla.suse.com/1201702
- https://bugzilla.suse.com/1201704
- https://bugzilla.suse.com/1201706
- https://bugzilla.suse.com/1201707
- https://bugzilla.suse.com/1201708
- https://bugzilla.suse.com/1213128
- https://www.suse.com/security/cve/CVE-2021-3497
- https://www.suse.com/security/cve/CVE-2022-1920
- https://www.suse.com/security/cve/CVE-2022-1921
- https://www.suse.com/security/cve/CVE-2022-1922
- https://www.suse.com/security/cve/CVE-2022-1923
- https://www.suse.com/security/cve/CVE-2022-1924
- https://www.suse.com/security/cve/CVE-2022-1925
- https://www.suse.com/security/cve/CVE-2022-2122
- https://www.suse.com/security/cve/CVE-2023-37327
Affected packages
SUSE:Linux Enterprise Server 15 SP1-LTSS / gstreamer-plugins-good
Package
- Name
- gstreamer-plugins-good
- Purl
- pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.12.5-150000.3.7.2
SUSE:Linux Enterprise Server for SAP Applications 15 SP1 / gstreamer-plugins-good
Package
- Name
- gstreamer-plugins-good
- Purl
- pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.12.5-150000.3.7.2