rpm package
suse/gstreamer-plugins-good&distro=SUSE Manager Proxy 4.3
pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Manager%20Proxy%204.3
Vulnerabilities (22)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-47834 | — | < 1.20.1-150400.3.9.1 | 1.20.1-150400.3.9.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_pars | ||
| CVE-2024-47778 | — | < 1.20.1-150400.3.9.1 | 1.20.1-150400.3.9.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds | ||
| CVE-2024-47777 | — | < 1.20.1-150400.3.9.1 | 1.20.1-150400.3.9.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size o | ||
| CVE-2024-47776 | — | < 1.20.1-150400.3.9.1 | 1.20.1-150400.3.9.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the funct | ||
| CVE-2024-47775 | — | < 1.20.1-150400.3.9.1 | 1.20.1-150400.3.9.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read fro | ||
| CVE-2024-47774 | — | < 1.20.1-150400.3.9.1 | 1.20.1-150400.3.9.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without chec | ||
| CVE-2024-47613 | — | < 1.20.1-150400.3.9.1 | 1.20.1-150400.3.9.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix | ||
| CVE-2024-47606 | — | < 1.20.1-150400.3.9.1 | 1.20.1-150400.3.9.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a | ||
| CVE-2024-47603 | — | < 1.20.1-150400.3.9.1 | 1.20.1-150400.3.9.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_update_tracks function within matroska-demux.c. The vulnerability occurs when the gst_caps_is_equal function is call | ||
| CVE-2024-47602 | — | < 1.20.1-150400.3.9.1 | 1.20.1-150400.3.9.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream-> | ||
| CVE-2024-47601 | — | < 1.20.1-150400.3.9.1 | 1.20.1-150400.3.9.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity | ||
| CVE-2024-47599 | — | < 1.20.1-150400.3.9.1 | 1.20.1-150400.3.9.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output | ||
| CVE-2024-47598 | — | < 1.20.1-150400.3.9.1 | 1.20.1-150400.3.9.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is that the size of the stts buffer isn’t properly checked before reading stts_durat | ||
| CVE-2024-47597 | — | < 1.20.1-150400.3.9.1 | 1.20.1-150400.3.9.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer | ||
| CVE-2024-47596 | — | < 1.20.1-150400.3.9.1 | 1.20.1-150400.3.9.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is gr | ||
| CVE-2024-47546 | — | < 1.20.1-150400.3.9.1 | 1.20.1-150400.3.9.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8 | ||
| CVE-2024-47545 | — | < 1.20.1-150400.3.9.1 | 1.20.1-150400.3.9.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than | ||
| CVE-2024-47544 | — | < 1.20.1-150400.3.9.1 | 1.20.1-150400.3.9.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. The function qtdemux_parse_sbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10. | ||
| CVE-2024-47543 | — | < 1.20.1-150400.3.9.1 | 1.20.1-150400.3.9.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemux_parse_container function within qtdemux.c. In the parent function qtdemux_parse_node, the value of length is not well checked. So, if length is bi | ||
| CVE-2024-47540 | — | < 1.20.1-150400.3.9.1 | 1.20.1-150400.3.9.1 | Dec 11, 2024 | GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uni |
- CVE-2024-47834Dec 11, 2024affected < 1.20.1-150400.3.9.1fixed 1.20.1-150400.3.9.1
GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_pars
- CVE-2024-47778Dec 11, 2024affected < 1.20.1-150400.3.9.1fixed 1.20.1-150400.3.9.1
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds
- CVE-2024-47777Dec 11, 2024affected < 1.20.1-150400.3.9.1fixed 1.20.1-150400.3.9.1
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size o
- CVE-2024-47776Dec 11, 2024affected < 1.20.1-150400.3.9.1fixed 1.20.1-150400.3.9.1
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the funct
- CVE-2024-47775Dec 11, 2024affected < 1.20.1-150400.3.9.1fixed 1.20.1-150400.3.9.1
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read fro
- CVE-2024-47774Dec 11, 2024affected < 1.20.1-150400.3.9.1fixed 1.20.1-150400.3.9.1
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without chec
- CVE-2024-47613Dec 11, 2024affected < 1.20.1-150400.3.9.1fixed 1.20.1-150400.3.9.1
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix
- CVE-2024-47606Dec 11, 2024affected < 1.20.1-150400.3.9.1fixed 1.20.1-150400.3.9.1
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a
- CVE-2024-47603Dec 11, 2024affected < 1.20.1-150400.3.9.1fixed 1.20.1-150400.3.9.1
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_update_tracks function within matroska-demux.c. The vulnerability occurs when the gst_caps_is_equal function is call
- CVE-2024-47602Dec 11, 2024affected < 1.20.1-150400.3.9.1fixed 1.20.1-150400.3.9.1
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->
- CVE-2024-47601Dec 11, 2024affected < 1.20.1-150400.3.9.1fixed 1.20.1-150400.3.9.1
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity
- CVE-2024-47599Dec 11, 2024affected < 1.20.1-150400.3.9.1fixed 1.20.1-150400.3.9.1
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output
- CVE-2024-47598Dec 11, 2024affected < 1.20.1-150400.3.9.1fixed 1.20.1-150400.3.9.1
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is that the size of the stts buffer isn’t properly checked before reading stts_durat
- CVE-2024-47597Dec 11, 2024affected < 1.20.1-150400.3.9.1fixed 1.20.1-150400.3.9.1
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer
- CVE-2024-47596Dec 11, 2024affected < 1.20.1-150400.3.9.1fixed 1.20.1-150400.3.9.1
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is gr
- CVE-2024-47546Dec 11, 2024affected < 1.20.1-150400.3.9.1fixed 1.20.1-150400.3.9.1
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8
- CVE-2024-47545Dec 11, 2024affected < 1.20.1-150400.3.9.1fixed 1.20.1-150400.3.9.1
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than
- CVE-2024-47544Dec 11, 2024affected < 1.20.1-150400.3.9.1fixed 1.20.1-150400.3.9.1
GStreamer is a library for constructing graphs of media-handling components. The function qtdemux_parse_sbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10.
- CVE-2024-47543Dec 11, 2024affected < 1.20.1-150400.3.9.1fixed 1.20.1-150400.3.9.1
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemux_parse_container function within qtdemux.c. In the parent function qtdemux_parse_node, the value of length is not well checked. So, if length is bi
- CVE-2024-47540Dec 11, 2024affected < 1.20.1-150400.3.9.1fixed 1.20.1-150400.3.9.1
GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uni
Page 1 of 2