rpm package
opensuse/gstreamer-plugins-good&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/gstreamer-plugins-good&distro=openSUSE%20Tumbleweed
Vulnerabilities (14)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-47775 | — | < 1.24.10-2.1 | 1.24.10-2.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read fro | ||
| CVE-2024-47774 | — | < 1.24.10-2.1 | 1.24.10-2.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without chec | ||
| CVE-2024-47613 | — | < 1.24.10-2.1 | 1.24.10-2.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix | ||
| CVE-2024-47606 | — | < 1.24.10-2.1 | 1.24.10-2.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a | ||
| CVE-2024-47601 | — | < 1.24.10-2.1 | 1.24.10-2.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity | ||
| CVE-2024-47599 | — | < 1.24.10-2.1 | 1.24.10-2.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output | ||
| CVE-2024-47598 | — | < 1.24.10-2.1 | 1.24.10-2.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is that the size of the stts buffer isn’t properly checked before reading stts_durat | ||
| CVE-2024-47543 | — | < 1.24.10-3.1 | 1.24.10-3.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemux_parse_container function within qtdemux.c. In the parent function qtdemux_parse_node, the value of length is not well checked. So, if length is bi | ||
| CVE-2024-47540 | — | < 1.24.11-2.1 | 1.24.11-2.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uni | ||
| CVE-2024-47539 | — | < 1.24.10-3.1 | 1.24.10-3.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the stora | ||
| CVE-2024-47537 | — | < 1.24.10-2.1 | 1.24.10-2.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from | ||
| CVE-2024-47530 | — | < 1.24.10-2.1 | 1.24.10-2.1 | Sep 30, 2024 | Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additio | ||
| CVE-2017-5838 | Hig | 7.5 | < 1.18.5-2.1 | 1.18.5-2.1 | Feb 9, 2017 | The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string. | |
| CVE-2008-1686 | — | < 1.18.5-2.1 | 1.18.5-2.1 | Apr 8, 2008 | Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a hea |
- CVE-2024-47775Dec 11, 2024affected < 1.24.10-2.1fixed 1.24.10-2.1
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read fro
- CVE-2024-47774Dec 11, 2024affected < 1.24.10-2.1fixed 1.24.10-2.1
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without chec
- CVE-2024-47613Dec 11, 2024affected < 1.24.10-2.1fixed 1.24.10-2.1
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix
- CVE-2024-47606Dec 11, 2024affected < 1.24.10-2.1fixed 1.24.10-2.1
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a
- CVE-2024-47601Dec 11, 2024affected < 1.24.10-2.1fixed 1.24.10-2.1
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity
- CVE-2024-47599Dec 11, 2024affected < 1.24.10-2.1fixed 1.24.10-2.1
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output
- CVE-2024-47598Dec 11, 2024affected < 1.24.10-2.1fixed 1.24.10-2.1
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is that the size of the stts buffer isn’t properly checked before reading stts_durat
- CVE-2024-47543Dec 11, 2024affected < 1.24.10-3.1fixed 1.24.10-3.1
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemux_parse_container function within qtdemux.c. In the parent function qtdemux_parse_node, the value of length is not well checked. So, if length is bi
- CVE-2024-47540Dec 11, 2024affected < 1.24.11-2.1fixed 1.24.11-2.1
GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uni
- CVE-2024-47539Dec 11, 2024affected < 1.24.10-3.1fixed 1.24.10-3.1
GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the stora
- CVE-2024-47537Dec 11, 2024affected < 1.24.10-2.1fixed 1.24.10-2.1
GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from
- CVE-2024-47530Sep 30, 2024affected < 1.24.10-2.1fixed 1.24.10-2.1
Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additio
- affected < 1.18.5-2.1fixed 1.18.5-2.1
The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string.
- CVE-2008-1686Apr 8, 2008affected < 1.18.5-2.1fixed 1.18.5-2.1
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a hea