gstreamer1-plugins-base-1.22.1-3.el9_5
Errata ID: AXSA:2024-9482:05
Release date:
2024/12/24 Tuesday - 21:01
Title:
gstreamer1-plugins-base-1.22.1-3.el9_5
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- The vorbis_handle_identification_packet() function in GStreamer's gstvorbisdec.c has a stack-area overflow, which allows a local attacker to cause data corruption and denial of service. (CVE-2024-47538)
- The gst_opus_dec_parse_header() function in GStreamer's gstopusdec.c has a stack overflow, which allows a local attacker to execute arbitrary code. (CVE-2024-47607)
- The gst_parse_vorbis_setup_packet() function in GStreamer's vorbis_parse.c has an out-of-bounds memory write, which allows a local attacker to cause data corruption, denial of service and similar effects via a crafted input file. (CVE-2024-47615)
Solution:
Update the packages.
CVE:
CVE-2024-47538
GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This vulnerability is fixed in 1.24.10.
CVE-2024-47607
GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `gst_opus_dec_parse_header` function within `gstopusdec.c`. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This bug allows overwriting the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10.
CVE-2024-47615
GStreamer is a library for constructing graphs of media-handling components. An OOB-write has been detected in the function `gst_parse_vorbis_setup_packet` within `vorbis_parse.c`. The integer `size` is read from the input file without proper validation. As a result, `size` can exceed the fixed size of the `pad->vorbis_mode_sizes` array (whose size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the `pad->vorbis_mode_sizes` array. This vulnerability is fixed in 1.24.10.
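All three CVEs above share one pattern: a count read from the file (channels, or the mode-table size) bounds a loop that writes into a fixed-size array, and the check against the array's capacity is missing. The C example below is added here as an illustration and is not GStreamer code: it parses a Vorbis identification header, then checks the file-supplied channel count against a 64-entry stack array before the fill loop runs. The function names, the POSITION_NONE value and the sample header bytes are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define MAX_POSITIONS 64      /* size of the stack array the advisory describes */
#define POSITION_NONE (-1)    /* stands in for GST_AUDIO_CHANNEL_POSITION_NONE */
#define RD_LE32(p) ((uint32_t)(p)[0] | (uint32_t)(p)[1] << 8 | (uint32_t)(p)[2] << 16 | (uint32_t)(p)[3] << 24)
typedef struct { uint8_t channels; uint32_t sample_rate; } vorbis_ident_t;

/* Parse a Vorbis identification header: 0x01 "vorbis", version u32 (must be 0),
 * channels u8, sample rate u32, three bitrate i32s, blocksize byte, framing bit. */
bool parse_vorbis_ident(const uint8_t *pkt, size_t len, vorbis_ident_t *out)
{
    if (len < 30 || pkt[0] != 0x01 || memcmp(pkt + 1, "vorbis", 6) != 0 || RD_LE32(pkt + 7) != 0)
        return false;
    out->channels = pkt[11];
    out->sample_rate = RD_LE32(pkt + 12);
    return out->channels > 0 && out->sample_rate > 0;
}

/* Hardened position setup: the file-controlled channel count is checked against
 * the array capacity before the fill loop runs, so it can never write past it. */
bool setup_positions(const vorbis_ident_t *id, int *position, size_t capacity)
{
    if ((size_t)id->channels > capacity)
        return false;                        /* reject the stream instead of overflowing */
    for (size_t i = 0; i < (size_t)id->channels; i++)
        position[i] = POSITION_NONE;
    return true;
}

/* Decoder-style handler on a stack array: returns the channel count, -1 for a
 * malformed header, -2 for a channel count the 64-entry array cannot hold. */
int handle_ident_packet(const uint8_t *pkt, size_t len)
{
    vorbis_ident_t id;
    int position[MAX_POSITIONS];
    if (!parse_vorbis_ident(pkt, len, &id)) return -1;
    if (!setup_positions(&id, position, MAX_POSITIONS)) return -2;
    return id.channels;
}

/* Constructed (not captured) 30-byte header with the given channel byte and
 * 44100 Hz, run through the handler; channels is a u8, so up to 255 can come from a file. */
int demo_ident(uint8_t channels)
{
    uint8_t pkt[30] = { 0x01, 'v','o','r','b','i','s', 0,0,0,0, channels, 0x44,0xAC,0,0 };
    pkt[28] = 0xB8; pkt[29] = 0x01;          /* blocksizes 2^8/2^11, framing bit */
    return handle_ident_packet(pkt, sizeof pkt);
}
```

The same bound-before-loop check applies to the CVE-2024-47615 case, where the loop limit is the `size` integer read from the setup packet and the capacity is the 256-entry `vorbis_mode_sizes` array.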
Additional information:
N/A
Download:
SRPMS
- gstreamer1-plugins-base-1.22.1-3.el9_5.src.rpm
MD5: 6b7eec30bceadbe3a60be33f6d1d9b49
SHA-256: 0e64c5f07af6c78e40b6c3d6ffe1b1e89e22fd02167195308ca7093d1bc71b3f
Size: 2.26 MB
Asianux Server 9 for x86_64
- gstreamer1-plugins-base-1.22.1-3.el9_5.i686.rpm
MD5: 0dfc2d5c37781ed55eedc9189b781fa6
SHA-256: 43007b92658db7f95b012bce01fd5436b78db237937d67ac922d5428dbc0a1ee
Size: 2.29 MB
- gstreamer1-plugins-base-1.22.1-3.el9_5.x86_64.rpm
MD5: a44d7279805277108ba65df9b9beb084
SHA-256: 41818d579eb2c4f2c80d75a8a51af1f89e7a984acb2ec653b7dcf6ebb728d6e6
Size: 2.23 MB
- gstreamer1-plugins-base-devel-1.22.1-3.el9_5.i686.rpm
MD5: eab5f20d450800d44fc21b4c2457ae4a
SHA-256: 90b469f76f34911e2f1a5befaf69a7843163544906d5d906817d898ef9aa8338
Size: 522.07 kB
- gstreamer1-plugins-base-devel-1.22.1-3.el9_5.x86_64.rpm
MD5: 6720528920a934e4a2d78cd87350e7e1
SHA-256: b4642d6b2fdea42a181976fcaea058eb4f781db1f47a25b98b7e1ac767f34a96
Size: 521.93 kB
- gstreamer1-plugins-base-tools-1.22.1-3.el9_5.x86_64.rpm
MD5: 8dd46d3ab77af9634c152132ae28c366
SHA-256: e8c01e236a0e281ed975101c47949f66b7c71e9a22492c9a9e50e9d617d9f964
Size: 44.56 kB