VYPR

rpm package

suse/gstreamer-plugins-good&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS

pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS

Vulnerabilities (24)

  • CVE-2025-47219HigAug 7, 2025
    affected < 1.22.0-150500.4.10.1fixed 1.22.0-150500.4.10.1

    In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.

  • CVE-2025-47183Aug 7, 2025
    affected < 1.22.0-150500.4.10.1fixed 1.22.0-150500.4.10.1

    In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure.

  • CVE-2024-47834Dec 11, 2024
    affected < 1.22.0-150500.4.6.1fixed 1.22.0-150500.4.6.1

    GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_pars

  • CVE-2024-47778Dec 11, 2024
    affected < 1.22.0-150500.4.6.1fixed 1.22.0-150500.4.6.1

    GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds

  • CVE-2024-47777Dec 11, 2024
    affected < 1.22.0-150500.4.6.1fixed 1.22.0-150500.4.6.1

    GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size o

  • CVE-2024-47776Dec 11, 2024
    affected < 1.22.0-150500.4.6.1fixed 1.22.0-150500.4.6.1

    GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the funct

  • CVE-2024-47775Dec 11, 2024
    affected < 1.22.0-150500.4.6.1fixed 1.22.0-150500.4.6.1

    GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read fro

  • CVE-2024-47774Dec 11, 2024
    affected < 1.22.0-150500.4.6.1fixed 1.22.0-150500.4.6.1

    GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without chec

  • CVE-2024-47613Dec 11, 2024
    affected < 1.22.0-150500.4.6.1fixed 1.22.0-150500.4.6.1

    GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix

  • CVE-2024-47606Dec 11, 2024
    affected < 1.22.0-150500.4.6.1fixed 1.22.0-150500.4.6.1

    GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a

  • CVE-2024-47603Dec 11, 2024
    affected < 1.22.0-150500.4.6.1fixed 1.22.0-150500.4.6.1

    GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_update_tracks function within matroska-demux.c. The vulnerability occurs when the gst_caps_is_equal function is call

  • CVE-2024-47602Dec 11, 2024
    affected < 1.22.0-150500.4.6.1fixed 1.22.0-150500.4.6.1

    GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->

  • CVE-2024-47601Dec 11, 2024
    affected < 1.22.0-150500.4.6.1fixed 1.22.0-150500.4.6.1

    GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity

  • CVE-2024-47599Dec 11, 2024
    affected < 1.22.0-150500.4.6.1fixed 1.22.0-150500.4.6.1

    GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output

  • CVE-2024-47598Dec 11, 2024
    affected < 1.22.0-150500.4.6.1fixed 1.22.0-150500.4.6.1

    GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is that the size of the stts buffer isn’t properly checked before reading stts_durat

  • CVE-2024-47597Dec 11, 2024
    affected < 1.22.0-150500.4.6.1fixed 1.22.0-150500.4.6.1

    GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer

  • CVE-2024-47596Dec 11, 2024
    affected < 1.22.0-150500.4.6.1fixed 1.22.0-150500.4.6.1

    GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is gr

  • CVE-2024-47546Dec 11, 2024
    affected < 1.22.0-150500.4.6.1fixed 1.22.0-150500.4.6.1

    GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8

  • CVE-2024-47545Dec 11, 2024
    affected < 1.22.0-150500.4.6.1fixed 1.22.0-150500.4.6.1

    GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than

  • CVE-2024-47544Dec 11, 2024
    affected < 1.22.0-150500.4.6.1fixed 1.22.0-150500.4.6.1

    GStreamer is a library for constructing graphs of media-handling components. The function qtdemux_parse_sbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10.

Page 1 of 2