rpm package
opensuse/gstreamer-plugins-base&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/gstreamer-plugins-base&distro=openSUSE%20Tumbleweed
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-47835 | — | < 1.24.10-2.1 | 1.24.10-2.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer | ||
| CVE-2024-47615 | — | < 1.24.10-2.1 | 1.24.10-2.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed th | ||
| CVE-2024-47607 | — | < 1.24.11-1.1 | 1.24.11-1.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will | ||
| CVE-2024-47600 | — | < 1.24.10-2.1 | 1.24.10-2.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. | ||
| CVE-2024-47542 | — | < 1.24.10-2.1 | 1.24.10-2.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is | ||
| CVE-2024-47538 | — | < 1.24.10-2.1 | 1.24.10-2.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exce | ||
| CVE-2019-9928 | — | < 1.18.5-2.1 | 1.18.5-2.1 | Apr 24, 2019 | GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution. |
- CVE-2024-47835Dec 11, 2024affected < 1.24.10-2.1fixed 1.24.10-2.1
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer
- CVE-2024-47615Dec 11, 2024affected < 1.24.10-2.1fixed 1.24.10-2.1
GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed th
- CVE-2024-47607Dec 11, 2024affected < 1.24.11-1.1fixed 1.24.11-1.1
GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will
- CVE-2024-47600Dec 11, 2024affected < 1.24.10-2.1fixed 1.24.10-2.1
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements.
- CVE-2024-47542Dec 11, 2024affected < 1.24.10-2.1fixed 1.24.10-2.1
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is
- CVE-2024-47538Dec 11, 2024affected < 1.24.10-2.1fixed 1.24.10-2.1
GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exce
- CVE-2019-9928Apr 24, 2019affected < 1.18.5-2.1fixed 1.18.5-2.1
GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.