gstreamer1-plugins-bad-free-1.22.12-3.el9, gstreamer1-plugins-ugly-free-1.22.12-3.el9, gstreamer1-rtsp-server-1.22.12-3.el9, gstreamer1-1.22.12-3.el9

エラータID: AXSA:2025-10412:01

Release date: 
Friday, July 4, 2025 - 13:44
Subject: 
gstreamer1-plugins-bad-free-1.22.12-3.el9, gstreamer1-plugins-ugly-free-1.22.12-3.el9, gstreamer1-rtsp-server-1.22.12-3.el9, gstreamer1-1.22.12-3.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The gstreamer1 packages contain a streaming media framework, based on graphs of filters which operate on media data.

Security Fix(es):

* gstreamer: EXIF Metadata Parsing Integer Overflow (CVE-2024-4453)
* gstreamer: AV1 Video Parsing Stack-based Buffer Overflow (CVE-2024-0444)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9 Release Notes linked from the References section.

CVE-2024-0444
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of tile list data within AV1-encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22873.
CVE-2024-4453
GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-23896.

Solution: 

Update packages.

CVEs: 
CVE-2024-0444
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of tile list data within AV1-encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22873.
CVE-2024-4453
GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-23896.
Additional Info: 

N/A

Download: 

SRPMS
  1. gstreamer1-plugins-bad-free-1.22.12-3.el9.src.rpm
    MD5: 01db27d535ffecc8fe3bafdcad80d7a3
    SHA-256: e44812c52e4bbc63571d3acf5a869120e7b4a24be2f8e44b1bd4c0944d492deb
    Size: 5.32 MB
  2. gstreamer1-plugins-ugly-free-1.22.12-3.el9.src.rpm
    MD5: 1440010887c1ace55e8420c7b90979d2
    SHA-256: 8ee62ee5f57caf8b62abf2d04f23c0dbdc3cf1145629989e26c75d32983768e3
    Size: 264.19 kB
  3. gstreamer1-rtsp-server-1.22.12-3.el9.src.rpm
    MD5: 872c2c0e0527b27a51c565cf2665fc3d
    SHA-256: 7f43c87289b500194ce5bbf18e4d8c280c9c3eb9de74b28b4f59c4dff655d763
    Size: 286.69 kB
  4. gstreamer1-1.22.12-3.el9.src.rpm
    MD5: 781a804ac2cfb352c3d2dbb57faae3b5
    SHA-256: cddf1365795e1fa631f02bab07a839f33e2860ac724ad656e4b3f625c3154511
    Size: 1.74 MB

Asianux Server 9 for x86_64
  1. gstreamer1-1.22.12-3.el9.i686.rpm
    MD5: a942cb07b1132a35e775e3ff1d9219dd
    SHA-256: 928310df19b2afe0dbbb74334365d2c1d09d4390b88085bf1c12af0ab42c34de
    Size: 1.49 MB
  2. gstreamer1-1.22.12-3.el9.x86_64.rpm
    MD5: 46aed995217974802ae473a8a78ad2a1
    SHA-256: ebc22f49c53573887ce4ab446f72fa8cf96b3a1f8ef2fc95575279b5aa313d10
    Size: 1.44 MB
  3. gstreamer1-devel-1.22.12-3.el9.i686.rpm
    MD5: b7ac04e20b96ab77851c88aed9c380d0
    SHA-256: 1aa138bb1a7c9321803c5a37cccd2877f3b4c5ea0a3740e0de5af6a028f045b4
    Size: 543.04 kB
  4. gstreamer1-devel-1.22.12-3.el9.x86_64.rpm
    MD5: 78af5b271700758286ffdd276e4bfcbb
    SHA-256: f9aa541be86baa90bfc5ca010b8af17842092b4e1b3cfd8c936c6b829717b0a0
    Size: 542.80 kB
  5. gstreamer1-plugins-bad-free-1.22.12-3.el9.i686.rpm
    MD5: 6d61d1f7d15652c8c42caf35b7a40191
    SHA-256: 5ba06dee5dde8dafc097a83c146ac8fb6d823bc52f3ddfe2a16afb6cba9eac6a
    Size: 2.57 MB
  6. gstreamer1-plugins-bad-free-1.22.12-3.el9.x86_64.rpm
    MD5: 4ec4dfcb3cfe908354afb9c0e1a56c2e
    SHA-256: 71f0c1530ed8180ea2443ed850e2755e06788a7f095d6074664d8a015ac9e7ff
    Size: 2.48 MB
  7. gstreamer1-plugins-bad-free-devel-1.22.12-3.el9.i686.rpm
    MD5: 9cbcd8cea054beb53aa81fe64303aa59
    SHA-256: 6fbb5740f6d6158724dd6a5a17dd5c878cea4097ce8ebceadd15058363c57096
    Size: 315.94 kB
  8. gstreamer1-plugins-bad-free-devel-1.22.12-3.el9.x86_64.rpm
    MD5: c902a375146f6efc9e07150ced93cf42
    SHA-256: 038d79b2267bf8bac6c1f160da9ca91008067f0515528d7938d3a04218e1314b
    Size: 316.09 kB
  9. gstreamer1-plugins-bad-free-libs-1.22.12-3.el9.i686.rpm
    MD5: 1d1cf14c4f087f32ade31932b5cd78bf
    SHA-256: 2192471073c5112c3def0bd43582c749d210f32c4ac6faca98f473b1e62aab38
    Size: 768.34 kB
  10. gstreamer1-plugins-bad-free-libs-1.22.12-3.el9.x86_64.rpm
    MD5: 284ecc1c8ff3476f64ee5ec4491202fd
    SHA-256: 21da0c859dc5468609db3571bd12af66bc1c355f8f23416a0b44797fce2a7e2d
    Size: 766.81 kB
  11. gstreamer1-plugins-ugly-free-1.22.12-3.el9.i686.rpm
    MD5: b824ef6394bb3d47e51897f5d26a5e2c
    SHA-256: ff5e628afb0c5f262c9d51a7da3a86e4d8b753de3ebbf096edc540d9c0ba8ff3
    Size: 290.02 kB
  12. gstreamer1-plugins-ugly-free-1.22.12-3.el9.x86_64.rpm
    MD5: 912977b96efaf01c2316630d183856ef
    SHA-256: 0822fbc077eaabee7c863e39b44329fe9e31d55816a88742d0647b82a5b235df
    Size: 279.44 kB
  13. gstreamer1-rtsp-server-1.22.12-3.el9.i686.rpm
    MD5: 3db40785be67359ab3708c6c22ddc012
    SHA-256: c0a13f61e9801f9ffbc0a7cdc090b59c6d514643b642ace3bb3710dd30481c79
    Size: 228.21 kB
  14. gstreamer1-rtsp-server-1.22.12-3.el9.x86_64.rpm
    MD5: 4ea8cbbc77bfe564cee74448e7634cc1
    SHA-256: b35ebb7498937dd2cb407ba9f674013d16fa08db5f965ec0e26b0f7d70e61284
    Size: 221.17 kB