gstreamer1-plugins-base-1.22.12-4.el9
Errata ID: AXSA:2025-10279:01
Release date:
2025/07/01 Tuesday - 00:12
Title:
gstreamer1-plugins-base-1.22.12-4.el9
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
The following issues have been addressed.
[Security Fix]
- The gst_ssa_parse_remove_override_codes() function in gstssaparse.c of GStreamer has an out-of-bounds write issue, which allows a local attacker to cause a denial of service via the processing of crafted data. (CVE-2024-47541)
- The id3v2_read_synch_uint() function in id3v2.c of GStreamer has a NULL pointer dereference issue, which allows a local attacker to cause a denial of service (segmentation fault). (CVE-2024-47542)
- The format_channel_mask() function in gst-discoverer.c of GStreamer has an out-of-bounds read issue, which allows a local attacker to cause memory corruption, information disclosure, and a denial of service. (CVE-2024-47600)
- The parse_lrc() function of the LRC subtitle parser in gstsubparse.c of GStreamer has a NULL pointer dereference issue, which allows a local attacker to cause a denial of service (application crash) via the input of a file crafted so that specific data does not contain ']'. (CVE-2024-47835)
Solution:
Update the packages.
CVE:
CVE-2024-47541
GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are enclosed in curly brackets ({}). The issue arises when a closing curly bracket "}" appears before an opening curly bracket "{" in the input string. In this case, memmove() incorrectly duplicates a substring. With each successive loop iteration, the size passed to memmove() becomes progressively larger (strlen(end+1)), leading to a write beyond the allocated memory bounds. This vulnerability is fixed in 1.24.10.
CVE-2024-47542
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.
CVE-2024-47600
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10.
CVE-2024-47835
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer returned by this call is then passed to g_strdup(). However, if the string line does not contain the character ']', strchr() returns NULL, and a call to g_strdup(start + 1) leads to a null pointer dereference. This vulnerability is fixed in 1.24.10.
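The condition described for CVE-2024-47541 above, shown as an added example that is not GStreamer's source or part of the original advisory: an in-place "{...}" stripper stays in bounds when the closing brace is searched for from the opening brace, so a stray "}" earlier in the line can never be selected. The names `remove_override_codes` and `strips_to` are hypothetical and the input strings are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model (hypothetical names, not GStreamer source): remove every
 * "{...}" override block from txt in place; true if anything was removed. */
static bool remove_override_codes(char *txt)
{
    bool removed_any = false;
    char *open, *close;

    while ((open = strchr(txt, '{')) != NULL) {
        /* Look for '}' starting at the '{' just found. Searching from the
         * start of the buffer can pick a stray '}' that precedes '{'; the
         * copy below would then lengthen the string on every pass. */
        close = strchr(open, '}');
        if (close == NULL)
            break; /* unterminated block: keep the remaining text */
        /* close > open, so the tail only moves left; +1 copies the NUL. */
        memmove(open, close + 1, strlen(close + 1) + 1);
        removed_any = true;
    }
    return removed_any;
}

/* Run the routine on an exactly sized heap copy of input, so a memory
 * checker would flag any overrun, and compare the result with expected. */
static bool strips_to(const char *input, const char *expected)
{
    size_t n = strlen(input) + 1;
    char *buf = malloc(n);
    if (buf == NULL)
        return false;
    memcpy(buf, input, n);
    remove_override_codes(buf);
    bool ok = strcmp(buf, expected) == 0;
    free(buf);
    return ok;
}

int main(void)
{
    /* Constructed inputs: well-formed, stray '}' first, unterminated. */
    printf("%d\n", strips_to("{\\i1}Hello{\\i0} world", "Hello world"));
    printf("%d\n", strips_to("}x{\\b1}bold", "}xbold"));
    printf("%d\n", strips_to("abc{def", "abc{def"));
    return 0;
}
```

Building this with `-fsanitize=address` makes the exactly sized buffer in `strips_to` report any write past the end of the string.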
Additional information:
N/A
Downloads:
SRPMS
- gstreamer1-plugins-base-1.22.12-4.el9.src.rpm
MD5: 04b3e5bdc2d8dadaafc8d454e93cabf0
SHA-256: a11e99559af1a06afd2de0b6f8eaa7b06e67db69121a44d0618f281cfa205387
Size: 2.30 MB
Asianux Server 9 for x86_64
- gstreamer1-plugins-base-1.22.12-4.el9.i686.rpm
MD5: 0cd33b11ceffea43cd0b716f73bc9e3d
SHA-256: 7b1526906ddb88f4630eb3a7acc0593fc1df56222091d78898fb89780cf8392c
Size: 2.30 MB
- gstreamer1-plugins-base-1.22.12-4.el9.x86_64.rpm
MD5: d57e9e1c88198f105b965a776d1594a4
SHA-256: b7811c04055ed2fac7064728d52e8e44d45cafe9c48239824c759b0190365924
Size: 2.23 MB
- gstreamer1-plugins-base-devel-1.22.12-4.el9.i686.rpm
MD5: d54f6aed3ddf8203718faa547f792b78
SHA-256: e2f209df39a7f1e362149979372ce95cd1cc10fafbaa73339a6d1f902690c463
Size: 523.25 kB
- gstreamer1-plugins-base-devel-1.22.12-4.el9.x86_64.rpm
MD5: 15530d87ae1f5ba34ef24f3a67ee36c5
SHA-256: cba832a6b35eb5d278f0360f1165085fc6e7bd3e5718e372239ec0711c053fdd
Size: 523.68 kB
- gstreamer1-plugins-base-tools-1.22.12-4.el9.x86_64.rpm
MD5: c973678d6781fb18039a3fed3093e9ef
SHA-256: c06b17b1fdc041956603dd35ba60601a9606c54aa7482e5415efbcff53a8c7f7
Size: 45.55 kB