An update for gstreamer1-plugins-base is now available for openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-2563 Final 1.0 1.0 2024-12-20 Initial 2024-12-20 2024-12-20 openEuler SA Tool V1.0 2024-12-20 gstreamer1-plugins-base security update An update for gstreamer1-plugins-base is now available for openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1 GStreamer is a graphics library for built-in media processing components. BasePlug-ins is a the collections used to maintain the GStreamer plugin. Security Fix(es): (CVE-2024-47538) (CVE-2024-47541) (CVE-2024-47542) (CVE-2024-47600) (CVE-2024-47607) (CVE-2024-47615) (CVE-2024-47835) An update for gstreamer1-plugins-base is now available for openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High gstreamer1-plugins-base https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2563 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47538 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47541 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47542 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47600 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47607 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47615 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47835 https://nvd.nist.gov/vuln/detail/CVE-2024-47538 https://nvd.nist.gov/vuln/detail/CVE-2024-47541 https://nvd.nist.gov/vuln/detail/CVE-2024-47542 https://nvd.nist.gov/vuln/detail/CVE-2024-47600 https://nvd.nist.gov/vuln/detail/CVE-2024-47607 https://nvd.nist.gov/vuln/detail/CVE-2024-47615 https://nvd.nist.gov/vuln/detail/CVE-2024-47835 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 gstreamer1-plugins-base-1.22.5-2.oe2403.x86_64.rpm gstreamer1-plugins-base-debuginfo-1.22.5-2.oe2403.x86_64.rpm gstreamer1-plugins-base-debugsource-1.22.5-2.oe2403.x86_64.rpm gstreamer1-plugins-base-devel-1.22.5-2.oe2403.x86_64.rpm gstreamer1-plugins-base-1.18.4-8.oe2203sp4.x86_64.rpm gstreamer1-plugins-base-debuginfo-1.18.4-8.oe2203sp4.x86_64.rpm gstreamer1-plugins-base-debugsource-1.18.4-8.oe2203sp4.x86_64.rpm gstreamer1-plugins-base-devel-1.18.4-8.oe2203sp4.x86_64.rpm gstreamer1-plugins-base-1.18.4-8.oe2203sp3.x86_64.rpm gstreamer1-plugins-base-debuginfo-1.18.4-8.oe2203sp3.x86_64.rpm gstreamer1-plugins-base-debugsource-1.18.4-8.oe2203sp3.x86_64.rpm gstreamer1-plugins-base-devel-1.18.4-8.oe2203sp3.x86_64.rpm gstreamer1-plugins-base-1.16.2-6.oe2003sp4.x86_64.rpm gstreamer1-plugins-base-debuginfo-1.16.2-6.oe2003sp4.x86_64.rpm gstreamer1-plugins-base-debugsource-1.16.2-6.oe2003sp4.x86_64.rpm gstreamer1-plugins-base-devel-1.16.2-6.oe2003sp4.x86_64.rpm gstreamer1-plugins-base-1.18.4-8.oe2203sp1.x86_64.rpm gstreamer1-plugins-base-debuginfo-1.18.4-8.oe2203sp1.x86_64.rpm gstreamer1-plugins-base-debugsource-1.18.4-8.oe2203sp1.x86_64.rpm gstreamer1-plugins-base-devel-1.18.4-8.oe2203sp1.x86_64.rpm gstreamer1-plugins-base-help-1.22.5-2.oe2403.noarch.rpm gstreamer1-plugins-base-help-1.18.4-8.oe2203sp4.noarch.rpm gstreamer1-plugins-base-help-1.18.4-8.oe2203sp3.noarch.rpm gstreamer1-plugins-base-help-1.16.2-6.oe2003sp4.noarch.rpm gstreamer1-plugins-base-help-1.18.4-8.oe2203sp1.noarch.rpm gstreamer1-plugins-base-1.22.5-2.oe2403.aarch64.rpm gstreamer1-plugins-base-debuginfo-1.22.5-2.oe2403.aarch64.rpm gstreamer1-plugins-base-debugsource-1.22.5-2.oe2403.aarch64.rpm gstreamer1-plugins-base-devel-1.22.5-2.oe2403.aarch64.rpm gstreamer1-plugins-base-1.18.4-8.oe2203sp4.aarch64.rpm gstreamer1-plugins-base-debuginfo-1.18.4-8.oe2203sp4.aarch64.rpm gstreamer1-plugins-base-debugsource-1.18.4-8.oe2203sp4.aarch64.rpm gstreamer1-plugins-base-devel-1.18.4-8.oe2203sp4.aarch64.rpm gstreamer1-plugins-base-1.18.4-8.oe2203sp3.aarch64.rpm gstreamer1-plugins-base-debuginfo-1.18.4-8.oe2203sp3.aarch64.rpm gstreamer1-plugins-base-debugsource-1.18.4-8.oe2203sp3.aarch64.rpm gstreamer1-plugins-base-devel-1.18.4-8.oe2203sp3.aarch64.rpm gstreamer1-plugins-base-1.16.2-6.oe2003sp4.aarch64.rpm gstreamer1-plugins-base-debuginfo-1.16.2-6.oe2003sp4.aarch64.rpm gstreamer1-plugins-base-debugsource-1.16.2-6.oe2003sp4.aarch64.rpm gstreamer1-plugins-base-devel-1.16.2-6.oe2003sp4.aarch64.rpm gstreamer1-plugins-base-1.18.4-8.oe2203sp1.aarch64.rpm gstreamer1-plugins-base-debuginfo-1.18.4-8.oe2203sp1.aarch64.rpm gstreamer1-plugins-base-debugsource-1.18.4-8.oe2203sp1.aarch64.rpm gstreamer1-plugins-base-devel-1.18.4-8.oe2203sp1.aarch64.rpm gstreamer1-plugins-base-1.22.5-2.oe2403.src.rpm gstreamer1-plugins-base-1.18.4-8.oe2203sp4.src.rpm gstreamer1-plugins-base-1.18.4-8.oe2203sp3.src.rpm gstreamer1-plugins-base-1.16.2-6.oe2003sp4.src.rpm gstreamer1-plugins-base-1.18.4-8.oe2203sp1.src.rpm GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This vulnerability allows to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the GstAudioInfo info structure. This vulnerability is fixed in 1.24.10. 2024-12-20 CVE-2024-47538 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 High 8.4 AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H gstreamer1-plugins-base security update 2024-12-20 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2563 GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are enclosed in curly brackets ({}). The issue arises when a closing curly bracket "}" appears before an opening curly bracket "{" in the input string. In this case, memmove() incorrectly duplicates a substring. With each successive loop iteration, the size passed to memmove() becomes progressively larger (strlen(end+1)), leading to a write beyond the allocated memory bounds. This vulnerability is fixed in 1.24.10. 2024-12-20 CVE-2024-47541 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H gstreamer1-plugins-base security update 2024-12-20 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2563 GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10. 2024-12-20 CVE-2024-47542 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H gstreamer1-plugins-base security update 2024-12-20 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2563 GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10. 2024-12-20 CVE-2024-47600 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 Medium 5.1 AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L gstreamer1-plugins-base security update 2024-12-20 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2563 GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows to overwrite the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10. 2024-12-20 CVE-2024-47607 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 High 8.4 AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H gstreamer1-plugins-base security update 2024-12-20 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2563 GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10. 2024-12-20 CVE-2024-47615 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 High 8.4 AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H gstreamer1-plugins-base security update 2024-12-20 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2563 GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer returned by this call is then passed to g_strdup(). However, if the string line does not contain the character ']', strchr() returns NULL, and a call to g_strdup(start + 1) leads to a null pointer dereference. This vulnerability is fixed in 1.24.10. 2024-12-20 CVE-2024-47835 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 Medium 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H gstreamer1-plugins-base security update 2024-12-20 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2563