VYPR

rpm package

almalinux/gstreamer1-plugins-good

pkg:rpm/almalinux/gstreamer1-plugins-good

Vulnerabilities (38)

  • CVE-2024-47597 (Dec 11, 2024)
    affected < 1.22.12-4.el9; fixed 1.22.12-4.el9

    GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer

  • CVE-2024-47596 (Dec 11, 2024)
    affected < 1.22.12-4.el9; fixed 1.22.12-4.el9

    GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is gr

  • CVE-2024-47546 (Dec 11, 2024)
    affected < 1.22.12-4.el9; fixed 1.22.12-4.el9

    GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8

  • CVE-2024-47545 (Dec 11, 2024)
    affected < 1.22.12-4.el9; fixed 1.22.12-4.el9

    GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than

  • CVE-2024-47544 (Dec 11, 2024)
    affected < 1.22.12-4.el9; fixed 1.22.12-4.el9

    GStreamer is a library for constructing graphs of media-handling components. The function qtdemux_parse_sbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10.

  • CVE-2024-47543 (Dec 11, 2024)
    affected < 1.22.12-4.el9; fixed 1.22.12-4.el9

    GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemux_parse_container function within qtdemux.c. In the parent function qtdemux_parse_node, the value of length is not well checked. So, if length is bi

  • CVE-2024-47540 (Dec 11, 2024)
    affected < 1.22.1-3.el9_5; fixed 1.22.1-3.el9_5

    GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uni

  • CVE-2024-47539 (Dec 11, 2024)
    affected < 1.22.1-3.el9_5; fixed 1.22.1-3.el9_5

    GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the stora

  • CVE-2024-47537 (Dec 11, 2024)
    affected < 1.22.1-3.el9_5; fixed 1.22.1-3.el9_5

    GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from

  • CVE-2023-37327 (May 3, 2024)
    affected < 1.22.1-2.el9; fixed 1.22.1-2.el9

    GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vector

  • CVE-2022-1924 (Jul 19, 2022)
    affected < 1.18.4-6.el9; fixed 1.18.4-6.el9

    DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS ca

  • CVE-2022-1923 (Jul 19, 2022)
    affected < 1.18.4-6.el9; fixed 1.18.4-6.el9

    DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS

  • CVE-2022-2122 (Jul 19, 2022)
    affected < 1.18.4-6.el9; fixed 1.18.4-6.el9

    DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities,

  • CVE-2022-1925 (Jul 19, 2022)
    affected < 1.18.4-6.el9; fixed 1.18.4-6.el9

    DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be

  • CVE-2022-1922 (Jul 19, 2022)
    affected < 1.18.4-6.el9; fixed 1.18.4-6.el9

    DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the unde

  • CVE-2022-1920 (Jul 19, 2022)
    affected < 1.18.4-6.el9; fixed 1.18.4-6.el9

    Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite.

  • CVE-2022-1921 (Jul 19, 2022)
    affected < 1.18.4-6.el9; fixed 1.18.4-6.el9

    Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite.

  • CVE-2021-3497 (Apr 19, 2021)
    affected < 1.16.1-3.el8; fixed 1.16.1-3.el8

    GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.

Page 2 of 2