SUSE-SU-2025:0067-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2025/suse-su-20250067-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0067-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2025:0067-1
Upstream
Related
Published
2025-01-10T16:48:42Z
Modified
2025-05-08T17:33:55.731752Z
Summary
Security update for gstreamer-plugins-good
Details

This update for gstreamer-plugins-good fixes the following issues:

  • CVE-2024-47530: Fixed an uninitialized stack memory in Matroska/WebM demuxer. (boo#1234421)
  • CVE-2024-47537: Fixed an out-of-bounds write in isomp4/qtdemux.c. (boo#1234414)
  • CVE-2024-47539: Fixed an out-of-bounds write in converttos334_1a. (boo#1234417)
  • CVE-2024-47543: Fixed an out-of-bounds write in qtdemuxparsecontainer. (boo#1234462)
  • CVE-2024-47544: Fixed a NULL-pointer dereferences in MP4/MOV demuxer CENC handling. (boo#1234473)
  • CVE-2024-47545: Fixed an integer underflow in FOURCC_strf parsing leading to out-of-bounds read. (boo#1234476)
  • CVE-2024-47546: Fixed an integer underflow in extractccfrom_data leading to out-of-bounds read. (boo#1234477)
  • CVE-2024-47596: Fixed an integer underflow in MP4/MOV demuxer that can lead to out-of-bounds reads. (boo#1234424)
  • CVE-2024-47597: Fixed an out-of-bounds reads in MP4/MOV demuxer sample table parser (boo#1234425)
  • CVE-2024-47598: Fixed MP4/MOV sample table parser out-of-bounds read. (boo#1234426)
  • CVE-2024-47599: Fixed insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences. (boo#1234427)
  • CVE-2024-47601: Fixed a NULL-pointer dereference in Matroska/WebM demuxer. (boo#1234428)
  • CVE-2024-47602: Fixed a NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer. (boo#1234432)
  • CVE-2024-47603: Fixed a NULL-pointer dereference in Matroska/WebM demuxer. (boo#1234433)
  • CVE-2024-47606: Avoid integer overflow when allocating sysmem. (bsc#1234449)
  • CVE-2024-47606: Fixed an integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes. (boo#1234449)
  • CVE-2024-47613: Fixed a NULL-pointer dereference in gdk-pixbuf decoder. (boo#1234447)
  • CVE-2024-47774: Fixed an integer overflow in AVI subtitle parser that leads to out-of-bounds reads. (boo#1234446)
  • CVE-2024-47775: Fixed various out-of-bounds reads in WAV parser. (boo#1234434)
  • CVE-2024-47776: Fixed various out-of-bounds reads in WAV parser. (boo#1234435)
  • CVE-2024-47777: Fixed various out-of-bounds reads in WAV parser. (boo#1234436)
  • CVE-2024-47778: Fixed various out-of-bounds reads in WAV parser. (boo#1234439)
  • CVE-2024-47834: Fixed a use-after-free in the Matroska demuxer that can cause crashes for certain input files. (boo#1234440)
References

Affected packages

SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS

gstreamer-plugins-good

Package

Name
gstreamer-plugins-good
Purl
pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.20.1-150400.3.9.1

Ecosystem specific 

{
    "binaries": [
        {
            "gstreamer-plugins-good": "1.20.1-150400.3.9.1",
            "gstreamer-plugins-good-lang": "1.20.1-150400.3.9.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0067-1.json"

SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS

gstreamer-plugins-good

Package

Name
gstreamer-plugins-good
Purl
pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.20.1-150400.3.9.1

Ecosystem specific 

{
    "binaries": [
        {
            "gstreamer-plugins-good": "1.20.1-150400.3.9.1",
            "gstreamer-plugins-good-lang": "1.20.1-150400.3.9.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0067-1.json"

SUSE:Linux Enterprise Server 15 SP4-LTSS

gstreamer-plugins-good

Package

Name
gstreamer-plugins-good
Purl
pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.20.1-150400.3.9.1

Ecosystem specific 

{
    "binaries": [
        {
            "gstreamer-plugins-good": "1.20.1-150400.3.9.1",
            "gstreamer-plugins-good-lang": "1.20.1-150400.3.9.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0067-1.json"

SUSE:Linux Enterprise Server for SAP Applications 15 SP4

gstreamer-plugins-good

Package

Name
gstreamer-plugins-good
Purl
pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.20.1-150400.3.9.1

Ecosystem specific 

{
    "binaries": [
        {
            "gstreamer-plugins-good": "1.20.1-150400.3.9.1",
            "gstreamer-plugins-good-lang": "1.20.1-150400.3.9.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0067-1.json"

SUSE:Manager Proxy 4.3

gstreamer-plugins-good

Package

Name
gstreamer-plugins-good
Purl
pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Manager%20Proxy%204.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.20.1-150400.3.9.1

Ecosystem specific 

{
    "binaries": [
        {
            "gstreamer-plugins-good": "1.20.1-150400.3.9.1",
            "gstreamer-plugins-good-lang": "1.20.1-150400.3.9.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0067-1.json"

SUSE:Manager Server 4.3

gstreamer-plugins-good

Package

Name
gstreamer-plugins-good
Purl
pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Manager%20Server%204.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.20.1-150400.3.9.1

Ecosystem specific 

{
    "binaries": [
        {
            "gstreamer-plugins-good": "1.20.1-150400.3.9.1",
            "gstreamer-plugins-good-lang": "1.20.1-150400.3.9.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0067-1.json"