gstreamer1-plugins-base-1.10.4-2.0.2.el7.AXS7
Errata ID: AXSA:2025-11109:02
Release date:
2025/11/26 Wednesday - 14:49
Title:
gstreamer1-plugins-base-1.10.4-2.0.2.el7.AXS7
Affected channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- The vorbis_handle_identification_packet() function in gstvorbisdec.c of GStreamer has a stack overflow issue, resulting in a vulnerability that allows a local attacker to corrupt data and cause a denial of service. (CVE-2024-47538)
- The gst_opus_dec_parse_header() function in gstopusdec.c of GStreamer has a stack overflow issue, resulting in a vulnerability that allows a local attacker to execute arbitrary code. (CVE-2024-47607)
Solution:
Update the packages.
CVE:
CVE-2024-47538
GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This vulnerability is fixed in 1.24.10.
CVE-2024-47607
GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `gst_opus_dec_parse_header` function within `gstopusdec.c`. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This bug allows overwriting the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10.
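The bounds check whose absence both CVE descriptions above describe, as an added example in C; it is not GStreamer's code or its actual fix. The function names, `POSITION_NONE` and the sample packets are constructed for illustration, and the channel-count byte offsets are assumed from the Vorbis and Opus header layouts rather than taken from this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_POSITIONS 64   /* array size given in both CVE descriptions */
#define POSITION_NONE (-1) /* stand-in for GST_AUDIO_CHANNEL_POSITION_NONE */

/* Constructed sample headers; the last byte is the channel count. */
static const uint8_t VORBIS_2CH[]  = {0x01,'v','o','r','b','i','s',0,0,0,0,2};
static const uint8_t VORBIS_65CH[] = {0x01,'v','o','r','b','i','s',0,0,0,0,65};
static const uint8_t OPUS_64CH[]   = {'O','p','u','s','H','e','a','d',1,64};
static const uint8_t OPUS_255CH[]  = {'O','p','u','s','H','e','a','d',1,255};

/* Channel count byte: offset 11 of a Vorbis identification header, offset 9
 * of an OpusHead packet. Returns -1 for short or unrecognised input. */
static int header_channels(const uint8_t *p, size_t len)
{
    if (len >= 12 && p[0] == 0x01 && memcmp(p + 1, "vorbis", 6) == 0)
        return p[11];
    if (len >= 10 && memcmp(p, "OpusHead", 8) == 0)
        return p[9];
    return -1;
}

/* Hardened loop: reject a count the array cannot hold before any write.
 * Returns the number of positions written, or -1 if the header is refused. */
static int fill_positions(int *pos, size_t cap, int channels)
{
    if (channels <= 0 || (size_t)channels > cap)
        return -1;
    for (int i = 0; i < channels; i++)
        pos[i] = POSITION_NONE;
    return channels;
}

/* Hypothetical decoder entry point with the 64-element stack array. */
int handle_header(const uint8_t *pkt, size_t len)
{
    int pos[MAX_POSITIONS];
    return fill_positions(pos, MAX_POSITIONS, header_channels(pkt, len));
}

int main(void)
{
    printf("%d %d\n", handle_header(VORBIS_2CH, sizeof VORBIS_2CH),
           handle_header(OPUS_255CH, sizeof OPUS_255CH));
    return 0;
}
```

Because the channel count is a single header byte, any value from 65 to 255 reaches the loop unless it is refused first; the check has to run before the first write, not after the array is filled.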
Additional information:
N/A
Downloads:
Asianux Server 7 for x86_64
- gstreamer1-plugins-base-1.10.4-2.0.2.el7.AXS7.i686.rpm
MD5: efea14640be504b85ac17fffc085c015
SHA-256: dbe5941fb6b1315fa64fdf1ed60f37b0886ce6f7c8cc96ca54927787aab4bb6b
Size: 1.43 MB
- gstreamer1-plugins-base-1.10.4-2.0.2.el7.AXS7.x86_64.rpm
MD5: e0f5791501545488f2616ec7d72bf5f4
SHA-256: e009794af422f1bdf2d7a1f2ad19bc7ca393ec3f1a90944fd1e80e80cc8887d6
Size: 1.42 MB
- gstreamer1-plugins-base-devel-1.10.4-2.0.2.el7.AXS7.i686.rpm
MD5: 8ef1e0d730c48b2c794d6194d06486b0
SHA-256: 6ba30164b9ec84590601bbbe32ce4adea7840a7c23cd0d4161758347ec17a736
Size: 299.34 kB
- gstreamer1-plugins-base-devel-1.10.4-2.0.2.el7.AXS7.x86_64.rpm
MD5: b920b20af1e4643a3ea86ade8d58d834
SHA-256: 2eaf3a7603b777e1b2093f781df85652922cf4ca6e4389301c3abdd122cbdf69
Size: 299.40 kB