[ALSA-2025:7242] Moderate: gstreamer1-plugins-good security update
Type:
security
Severity:
moderate
Release date:
2025-07-02
Description:
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es): * gstreamer1-plugins-good: OOB-read in qtdemux_parse_container (CVE-2024-47543) * gstreamer1-plugins-good: GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk (CVE-2024-47774) * gstreamer1-plugins-good: OOB-read in gst_wavparse_smpl_chunk (CVE-2024-47777) * gstreamer1-plugins-good: OOB-read in gst_wavparse_adtl_chunk (CVE-2024-47778) * gstreamer1-plugins-good: OOB-read in parse_ds64 (CVE-2024-47775) * gstreamer1-plugins-good: OOB-read in FOURCC_SMI_ parsing (CVE-2024-47596) * gstreamer1-plugins-good: insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences (CVE-2024-47599) * gstreamer1-plugins-good: Use-After-Free read in Matroska CodecPrivate (CVE-2024-47834) * gstreamer1-plugins-good: OOB-read in gst_wavparse_cue_chunk (CVE-2024-47776) * gstreamer1-plugins-good: NULL-pointer dereferences in MP4/MOV demuxer CENC handling (CVE-2024-47544) * gstreamer1-plugins-good: NULL-pointer dereference in Matroska/WebM demuxer (CVE-2024-47601) * gstreamer1-plugins-good: OOB-read in qtdemux_parse_samples (CVE-2024-47597) * gstreamer1-plugins-good: integer underflow in extract_cc_from_data leading to OOB-read (CVE-2024-47546) * gstreamer1-plugins-good: NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer (CVE-2024-47602) * gstreamer1-plugins-good: OOB-read in qtdemux_merge_sample_table (CVE-2024-47598) * gstreamer1-plugins-good: NULL-pointer dereference in Matroska/WebM demuxer (CVE-2024-47603) * gstreamer1-plugins-good: integer underflow in FOURCC_strf parsing leading to OOB-read (CVE-2024-47545) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinuxRelease Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 gstreamer1-plugins-good-1.22.12-4.el9.aarch64.rpm 5b5633481ba3f21d639b3c90e1adf76dffc4cf4da1cf9affa9be133e8c6860dc
aarch64 gstreamer1-plugins-good-gtk-1.22.12-4.el9.aarch64.rpm 9cba9278d12eabf8f762a5f289191701841f9b262cb03e97c7adc55d24945c3a
i686 gstreamer1-plugins-good-1.22.12-4.el9.i686.rpm 3bda2e114790b0dde3041df033f5658c1ba7c63fb217df7d57bf80c8d2a06c45
i686 gstreamer1-plugins-good-gtk-1.22.12-4.el9.i686.rpm d4659d46127f89526ba95a8539fb5a054372971d690c54ec495370f1e2cabf4e
ppc64le gstreamer1-plugins-good-1.22.12-4.el9.ppc64le.rpm b0e087a106d373dd41eccfec76c7b4359573e0195446f84083852aa4530d6e5b
ppc64le gstreamer1-plugins-good-gtk-1.22.12-4.el9.ppc64le.rpm f0065350c93274fe8ed03e9ce5501af009fe3d6c3225c0be7482cecb7677584b
s390x gstreamer1-plugins-good-1.22.12-4.el9.s390x.rpm 483ea0d23fc8068cf646abb3ac44f2ca1dec14c2b4cdb23ed518a7f8cf5af234
s390x gstreamer1-plugins-good-gtk-1.22.12-4.el9.s390x.rpm b9942d62d3ec3501c7ad518366268f2748b94bd297dacd956df0248316efea95
x86_64 gstreamer1-plugins-good-gtk-1.22.12-4.el9.x86_64.rpm 232256d7db990e4dcfba0dc6ac6b4ff98e767cf9baf52def7527986f7ff3d0b9
x86_64 gstreamer1-plugins-good-1.22.12-4.el9.x86_64.rpm 9b6cb0ad20c5a42ce5b60cabba947c51a6e805ac4f7d61422317a0aaeda4621d
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.