{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Critical" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"gstreamer1-plugins-good security update", "category":"general", "title":"Synopsis" }, { "text":"An update for gstreamer1-plugins-good is now available for openEuler-22.03-LTS-SP1", "category":"general", "title":"Summary" }, { "text":"GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types or processing capabilities can be added simply by installing new plugins.\n\nSecurity Fix(es):\n\n(CVE-2024-47537)\n\n(CVE-2024-47539)\n\n(CVE-2024-47540)\n\n(CVE-2024-47543)\n\n(CVE-2024-47544)\n\n(CVE-2024-47545)\n\n(CVE-2024-47546)\n\n(CVE-2024-47596)\n\n(CVE-2024-47597)\n\n(CVE-2024-47599)\n\n(CVE-2024-47601)\n\n(CVE-2024-47602)\n\n(CVE-2024-47603)\n\n(CVE-2024-47606)\n\n(CVE-2024-47613)\n\n(CVE-2024-47774)\n\n(CVE-2024-47775)\n\n(CVE-2024-47776)\n\n(CVE-2024-47777)\n\n(CVE-2024-47778)\n\n(CVE-2024-47834)", "category":"general", "title":"Description" }, { "text":"An update for gstreamer1-plugins-good is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Critical", "category":"general", "title":"Severity" }, { "text":"gstreamer1-plugins-good", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2024-2595", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2595" }, { "summary":"CVE-2024-47537", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47537&packageName=gstreamer1-plugins-good" }, { "summary":"CVE-2024-47539", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47539&packageName=gstreamer1-plugins-good" }, { "summary":"CVE-2024-47540", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47540&packageName=gstreamer1-plugins-good" }, { "summary":"CVE-2024-47543", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47543&packageName=gstreamer1-plugins-good" }, { "summary":"CVE-2024-47544", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47544&packageName=gstreamer1-plugins-good" }, { "summary":"CVE-2024-47545", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47545&packageName=gstreamer1-plugins-good" }, { "summary":"CVE-2024-47546", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47546&packageName=gstreamer1-plugins-good" }, { "summary":"CVE-2024-47596", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47596&packageName=gstreamer1-plugins-good" }, { "summary":"CVE-2024-47597", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47597&packageName=gstreamer1-plugins-good" }, { "summary":"CVE-2024-47599", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47599&packageName=gstreamer1-plugins-good" }, { "summary":"CVE-2024-47601", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47601&packageName=gstreamer1-plugins-good" }, { "summary":"CVE-2024-47602", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47602&packageName=gstreamer1-plugins-good" }, { "summary":"CVE-2024-47603", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47603&packageName=gstreamer1-plugins-good" }, { "summary":"CVE-2024-47606", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47606&packageName=gstreamer1-plugins-good" }, { "summary":"CVE-2024-47613", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47613&packageName=gstreamer1-plugins-good" }, { "summary":"CVE-2024-47774", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47774&packageName=gstreamer1-plugins-good" }, { "summary":"CVE-2024-47775", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47775&packageName=gstreamer1-plugins-good" }, { "summary":"CVE-2024-47776", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47776&packageName=gstreamer1-plugins-good" }, { "summary":"CVE-2024-47777", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47777&packageName=gstreamer1-plugins-good" }, { "summary":"CVE-2024-47778", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47778&packageName=gstreamer1-plugins-good" }, { "summary":"CVE-2024-47834", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47834&packageName=gstreamer1-plugins-good" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47537" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47539" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47540" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47543" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47544" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47545" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47546" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47596" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47597" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47599" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47601" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47602" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47603" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47606" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47613" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47774" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47775" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47776" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47777" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47778" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47834" }, { "summary":"openEuler-SA-2024-2595 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openeuler-sa-2024-2595.json" } ], "title":"An update for gstreamer1-plugins-good is now available for openEuler-22.03-LTS-SP1", "tracking":{ "initial_release_date":"2024-12-27T20:33:52+08:00", "revision_history":[ { "date":"2024-12-27T20:33:52+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2024-12-27T20:33:52+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2024-12-27T20:33:52+08:00", "id":"openEuler-SA-2024-2595", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"openEuler-22.03-LTS-SP1", "name":"openEuler-22.03-LTS-SP1" }, "name":"openEuler-22.03-LTS-SP1", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64.rpm", "name":"gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64.rpm" }, "name":"gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64.rpm", "name":"gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64.rpm" }, "name":"gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64.rpm", "name":"gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64.rpm" }, "name":"gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64.rpm", "name":"gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64.rpm" }, "name":"gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src.rpm", "name":"gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src.rpm" }, "name":"gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64.rpm", "name":"gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64.rpm" }, "name":"gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64.rpm", "name":"gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64.rpm" }, "name":"gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64.rpm", "name":"gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64.rpm" }, "name":"gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64.rpm", "name":"gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64.rpm" }, "name":"gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch.rpm", "name":"gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch.rpm" }, "name":"gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "name":"gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "name":"gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "name":"gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "name":"gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "name":"gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "name":"gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "name":"gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "name":"gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "name":"gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch", "name":"gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2024-47537", "notes":[ { "text":"GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ], "details":"gstreamer1-plugins-good security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2595" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2024-47537" }, { "cve":"CVE-2024-47539", "notes":[ { "text":"GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 < ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop's expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ], "details":"gstreamer1-plugins-good security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2595" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2024-47539" }, { "cve":"CVE-2024-47540", "notes":[ { "text":"GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem->allocator->mem_unmap_full or mem->allocator->mem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ], "details":"gstreamer1-plugins-good security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2595" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2024-47540" }, { "cve":"CVE-2024-47543", "notes":[ { "text":"GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemux_parse_container function within qtdemux.c. In the parent function qtdemux_parse_node, the value of length is not well checked. So, if length is big enough, it causes the pointer end to point beyond the boundaries of buffer. Subsequently, in the qtdemux_parse_container function, the while loop can trigger an OOB-read, accessing memory beyond the bounds of buf. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ], "details":"gstreamer1-plugins-good security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2595" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-47543" }, { "cve":"CVE-2024-47544", "notes":[ { "text":"GStreamer is a library for constructing graphs of media-handling components. The function qtdemux_parse_sbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ], "details":"gstreamer1-plugins-good security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2595" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-47544" }, { "cve":"CVE-2024-47545", "notes":[ { "text":"GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happens, the subsequent call to gst_buffer_fill will invoke memcpy with a large tocopy size, resulting in an OOB-read. This vulnerability is fixed in 1.24.10.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ], "details":"gstreamer1-plugins-good security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2595" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-47545" }, { "cve":"CVE-2024-47546", "notes":[ { "text":"GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8. When that subtraction underflows, *cclen ends up being a large number, and then cclen is passed to g_memdup2 leading to an out-of-bounds (OOB) read. This vulnerability is fixed in 1.24.10.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ], "details":"gstreamer1-plugins-good security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2595" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-47546" }, { "cve":"CVE-2024-47596", "notes":[ { "text":"GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining size of the data buffer, it can lead to an OOB-read in the following call to gst_buffer_fill, which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ], "details":"gstreamer1-plugins-good security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2595" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-47596" }, { "cve":"CVE-2024-47597", "notes":[ { "text":"GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code snippet shows the call to qt_atom_parser_get_offset_unchecked, which leads to the OOB-read when parsing the provided GHSL-2024-245_crash1.mp4 file. This issue may lead to read up to 8 bytes out-of-bounds. This vulnerability is fixed in 1.24.10.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ], "details":"gstreamer1-plugins-good security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2595" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2024-47597" }, { "cve":"CVE-2024-47599", "notes":[ { "text":"GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output_state. When this happens, dereferences of the outstate pointer will lead to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ], "details":"gstreamer1-plugins-good security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2595" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-47599" }, { "cve":"CVE-2024-47601", "notes":[ { "text":"GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity of the GstBuffer *sub pointer before performing dereferences. As a result, null pointer dereferences may occur. This vulnerability is fixed in 1.24.10.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ], "details":"gstreamer1-plugins-good security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2595" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-47601" }, { "cve":"CVE-2024-47602", "notes":[ { "text":"GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->codec_priv pointer in the following code. If stream->codec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference a null pointer, leading to a crash of the application. This vulnerability is fixed in 1.24.10.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ], "details":"gstreamer1-plugins-good security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2595" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-47602" }, { "cve":"CVE-2024-47603", "notes":[ { "text":"GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_update_tracks function within matroska-demux.c. The vulnerability occurs when the gst_caps_is_equal function is called with invalid caps values. If this happen, then in the function gst_buffer_get_size the call to GST_BUFFER_MEM_PTR can return a null pointer. Attempting to dereference the size field of this null pointer results in a null pointer dereference. This vulnerability is fixed in 1.24.10.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ], "details":"gstreamer1-plugins-good security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2595" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-47603" }, { "cve":"CVE-2024-47606", "notes":[ { "text":"GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. The function _sysmem_new_block adds alignment and header size to the (unsigned) size, causing the overflow of the 'slice_size' variable. As a result, only 0x89 bytes are allocated, despite the large input size. When the following memcpy call occurs in gst_buffer_fill, the data from the input file will overwrite the content of the GstMapInfo info structure. Finally, during the call to gst_memory_unmap, the overwritten memory may cause a function pointer hijack, as the mem->allocator->mem_unmap_full function is called with a corrupted pointer. This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. This vulnerability is fixed in 1.24.10.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ], "details":"gstreamer1-plugins-good security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2595" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2024-47606" }, { "cve":"CVE-2024-47613", "notes":[ { "text":"GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This vulnerability allows to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the GstAudioInfo info structure. This vulnerability is fixed in 1.24.10.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ], "details":"gstreamer1-plugins-good security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2595" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2024-47613" }, { "cve":"CVE-2024-47774", "notes":[ { "text":"GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. Then, the a condition, does not properly handle cases where name_length is greater than 0xFFFFFFFF - 17, causing an integer overflow. In such scenario, the function attempts to access memory beyond the buffer leading to an OOB-read. This vulnerability is fixed in 1.24.10.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ], "details":"gstreamer1-plugins-good security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2595" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2024-47774" }, { "cve":"CVE-2024-47775", "notes":[ { "text":"GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multiple GST_READ_UINT32_LE operations without performing boundary checks. This can lead to an OOB-read when buf is smaller than expected. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ], "details":"gstreamer1-plugins-good security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2595" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2024-47775" }, { "cve":"CVE-2024-47776", "notes":[ { "text":"GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch causes the comparison if (size < 4 + ncues * 24) to fail in some cases, allowing the subsequent loop to access beyond the bounds of the data buffer. The root cause of this discrepancy stems from a miscalculation when clipping the chunk size based on upstream data size. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ], "details":"gstreamer1-plugins-good security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2595" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2024-47776" }, { "cve":"CVE-2024-47777", "notes":[ { "text":"GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is sufficient. If the buffer is too small, the function reads beyond its bounds. This vulnerability may result in reading 4 bytes out of the boundaries of the data buffer. This vulnerability is fixed in 1.24.10.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ], "details":"gstreamer1-plugins-good security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2595" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2024-47777" }, { "cve":"CVE-2024-47778", "notes":[ { "text":"GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. As a result, an OOB read occurs in the following while loop. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ], "details":"gstreamer1-plugins-good security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2595" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-47778" }, { "cve":"CVE-2024-47834", "notes":[ { "text":"GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function, by the call to g_free (track->codec_priv). Finally, the freed memory is accessed in the caps_serialize function through gst_value_serialize_buffer. The freed memory will be accessed in the gst_value_serialize_buffer function. This results in a UAF read vulnerability, as the function tries to process memory that has already been freed. This vulnerability is fixed in 1.24.10.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ], "details":"gstreamer1-plugins-good security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2595" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.src", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debuginfo-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-debugsource-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-gtk-1.16.2-8.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:gstreamer1-plugins-good-help-1.16.2-8.oe2203sp1.noarch" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2024-47834" } ] }