gstreamer1-plugins-base-1.16.1-5.el8_10
Errata ID: AXSA:2024-9435:04
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-base packages contain a collection of well-maintained base plug-ins.
Security Fix(es):
* gstreamer1-plugins-base: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet (CVE-2024-47538)
* gstreamer1-plugins-base: out-of-bounds write in Ogg demuxer (CVE-2024-47615)
* gstreamer1-plugins-base: stack-buffer overflow in gst_opus_dec_parse_header (CVE-2024-47607)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2024-47538
GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This vulnerability allows overwriting the EIP address stored on the stack. Additionally, this bug can overwrite the GstAudioInfo info structure. This vulnerability is fixed in 1.24.10.
CVE-2024-47607
GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within gstopusdec.c. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows overwriting the EIP address stored on the stack. This vulnerability is fixed in 1.24.10.
CVE-2024-47615
GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds (OOB) write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (whose size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10.
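All three CVEs above share one pattern: a count read from the media file drives a loop that fills a fixed-size array. The following added example (not GStreamer's code and not the upstream patch) models the check that has to run before such a loop; the function names, the struct frame layout and the POSITION_NONE stand-in are hypothetical, and only the array sizes 64 and 256 come from the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_CHANNELS   64   /* size of the position/pos arrays per the advisory */
#define MAX_MODE_SIZES 256  /* size of pad->vorbis_mode_sizes per the advisory */
#define POSITION_NONE  (-1) /* stand-in for GST_AUDIO_CHANNEL_POSITION_NONE */

/* Hypothetical helper: fill channel positions only if the count read from the
 * stream header fits the destination. Returns entries written, or -1. */
int fill_positions(uint32_t header_channels, int *position, size_t capacity)
{
    if (header_channels == 0 || header_channels > capacity)
        return -1;                      /* reject before the loop runs */
    for (uint32_t i = 0; i < header_channels; i++)
        position[i] = POSITION_NONE;
    return (int)header_channels;
}

/* Hypothetical helper: store one 0/1 flag per mode. Both the declared count
 * and the bytes actually available in the packet are checked. */
int fill_mode_sizes(const uint8_t *packet, size_t packet_len,
                    uint32_t header_size, uint8_t *mode_sizes, size_t capacity)
{
    if (header_size > capacity || header_size > packet_len)
        return -1;
    for (uint32_t i = 0; i < header_size; i++)
        mode_sizes[i] = packet[i] & 1;  /* only ever 0 or 1 */
    return (int)header_size;
}

/* Constructed layout: an array followed by a neighbour an overflow would hit. */
struct frame { int position[MAX_CHANNELS]; int neighbour; };

int main(void)
{
    struct frame f = { .neighbour = 0x5afe };
    printf("64 channels -> %d\n", fill_positions(64, f.position, MAX_CHANNELS));
    printf("65 channels -> %d, neighbour intact: %d\n",
           fill_positions(65, f.position, MAX_CHANNELS), f.neighbour == 0x5afe);
    return 0;
}
```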
Update packages.
SRPMS
- gstreamer1-plugins-base-1.16.1-5.el8_10.src.rpm
MD5: 0b454718a2f3a7a39597a23f0f021dce
SHA-256: 3f6f2c017b68b397cdbe436996fa8c165e639965534fd3dfbadaa216392a0add
Size: 3.78 MB
Asianux Server 8 for x86_64
- gstreamer1-plugins-base-1.16.1-5.el8_10.i686.rpm
MD5: 71c06a954e1cf753a2e64ee1b9b52936
SHA-256: a958b40063a805f8615a4a4a96e33fd8cee375814a8009ee8ab417e7cb216803
Size: 2.03 MB
- gstreamer1-plugins-base-1.16.1-5.el8_10.x86_64.rpm
MD5: ab382165fdf867f6bf34d31254cf73a0
SHA-256: 3a6a056bdf2c9e296aa2749fb9c04e887c926478c7961b9740b849bf96acbe59
Size: 1.95 MB
- gstreamer1-plugins-base-devel-1.16.1-5.el8_10.i686.rpm
MD5: f5b3236f0fe937d504fe6b07b47edeaa
SHA-256: f289de898b81ea9015ca88e38366c92d004dcb98ad0a92e1f30d984e66d8ba6f
Size: 420.96 kB
- gstreamer1-plugins-base-devel-1.16.1-5.el8_10.x86_64.rpm
MD5: 887b9e6be1b7e2db6eb60885ed22c718
SHA-256: 2bbf0621f2bd1d1403a213e12bbf43c42b9047f02176b3207010bdb3f73611a5
Size: 421.02 kB