rpm package
suse/gstreamer-plugins-base&distro=SUSE Linux Enterprise Micro 5.2
pkg:rpm/suse/gstreamer-plugins-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
Vulnerabilities (14)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-47808 | — | < 1.16.3-150200.4.19.1 | 1.16.3-150200.4.19.1 | Aug 7, 2025 | In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line function may dereference a NULL pointer while parsing a subtitle file, leading to a crash. | ||
| CVE-2025-47807 | — | < 1.16.3-150200.4.19.1 | 1.16.3-150200.4.19.1 | Aug 7, 2025 | In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash. | ||
| CVE-2025-47806 | — | < 1.16.3-150200.4.19.1 | 1.16.3-150200.4.19.1 | Aug 7, 2025 | In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash. | ||
| CVE-2024-47835 | — | < 1.16.3-150200.4.19.1 | 1.16.3-150200.4.19.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer | ||
| CVE-2024-47615 | — | < 1.16.3-150200.4.19.1 | 1.16.3-150200.4.19.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed th | ||
| CVE-2024-47607 | — | < 1.16.3-150200.4.19.1 | 1.16.3-150200.4.19.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will | ||
| CVE-2024-47600 | — | < 1.16.3-150200.4.19.1 | 1.16.3-150200.4.19.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. | ||
| CVE-2024-47542 | — | < 1.16.3-150200.4.19.1 | 1.16.3-150200.4.19.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is | ||
| CVE-2024-47541 | — | < 1.16.3-150200.4.19.1 | 1.16.3-150200.4.19.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) | ||
| CVE-2024-47538 | — | < 1.16.3-150200.4.19.1 | 1.16.3-150200.4.19.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exce | ||
| CVE-2024-4453 | — | < 1.16.3-150200.4.14.2 | 1.16.3-150200.4.14.2 | May 22, 2024 | GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack ve | ||
| CVE-2023-37328 | — | < 1.16.3-150200.4.9.2 | 1.16.3-150200.4.9.2 | May 3, 2024 | GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but atta | ||
| CVE-2023-37327 | — | < 1.16.3-150200.4.9.2 | 1.16.3-150200.4.9.2 | May 3, 2024 | GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vector | ||
| CVE-2021-3522 | Med | 5.5 | < 1.16.3-150200.4.6.2 | 1.16.3-150200.4.6.2 | Jun 2, 2021 | GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. |
- CVE-2025-47808Aug 7, 2025affected < 1.16.3-150200.4.19.1fixed 1.16.3-150200.4.19.1
In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.
- CVE-2025-47807Aug 7, 2025affected < 1.16.3-150200.4.19.1fixed 1.16.3-150200.4.19.1
In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.
- CVE-2025-47806Aug 7, 2025affected < 1.16.3-150200.4.19.1fixed 1.16.3-150200.4.19.1
In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash.
- CVE-2024-47835Dec 11, 2024affected < 1.16.3-150200.4.19.1fixed 1.16.3-150200.4.19.1
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer
- CVE-2024-47615Dec 11, 2024affected < 1.16.3-150200.4.19.1fixed 1.16.3-150200.4.19.1
GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed th
- CVE-2024-47607Dec 11, 2024affected < 1.16.3-150200.4.19.1fixed 1.16.3-150200.4.19.1
GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will
- CVE-2024-47600Dec 11, 2024affected < 1.16.3-150200.4.19.1fixed 1.16.3-150200.4.19.1
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements.
- CVE-2024-47542Dec 11, 2024affected < 1.16.3-150200.4.19.1fixed 1.16.3-150200.4.19.1
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is
- CVE-2024-47541Dec 11, 2024affected < 1.16.3-150200.4.19.1fixed 1.16.3-150200.4.19.1
GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha)
- CVE-2024-47538Dec 11, 2024affected < 1.16.3-150200.4.19.1fixed 1.16.3-150200.4.19.1
GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exce
- CVE-2024-4453May 22, 2024affected < 1.16.3-150200.4.14.2fixed 1.16.3-150200.4.14.2
GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack ve
- CVE-2023-37328May 3, 2024affected < 1.16.3-150200.4.9.2fixed 1.16.3-150200.4.9.2
GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but atta
- CVE-2023-37327May 3, 2024affected < 1.16.3-150200.4.9.2fixed 1.16.3-150200.4.9.2
GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vector
- affected < 1.16.3-150200.4.6.2fixed 1.16.3-150200.4.6.2
GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.