{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for gstreamer-plugins-good","title":"Title of the patch"},{"category":"description","text":"This update for gstreamer-plugins-good fixes the following issues:\n\n- CVE-2024-47540: Fixed an uninitialized stack memory in Matroska/WebM demuxer. (boo#1234421)\n- CVE-2024-47537: Fixed an out-of-bounds write in isomp4/qtdemux.c. (boo#1234414)\n- CVE-2024-47543: Fixed an out-of-bounds write in qtdemux_parse_container. (boo#1234462)\n- CVE-2024-47544: Fixed a NULL-pointer dereferences in MP4/MOV demuxer CENC handling. (boo#1234473)\n- CVE-2024-47545: Fixed an integer underflow in FOURCC_strf parsing leading to out-of-bounds read. (boo#1234476)\n- CVE-2024-47596: Fixed an integer underflow in MP4/MOV demuxer that can lead to out-of-bounds reads. (boo#1234424)\n- CVE-2024-47597: Fixed an out-of-bounds reads in MP4/MOV demuxer sample table parser (boo#1234425)\n- CVE-2024-47599: Fixed insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences. (boo#1234427)\n- CVE-2024-47601: Fixed a NULL-pointer dereference in Matroska/WebM demuxer. (boo#1234428)\n- CVE-2024-47602: Fixed a NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer. (boo#1234432)\n- CVE-2024-47603: Fixed a NULL-pointer dereference in Matroska/WebM demuxer. (boo#1234433)\n- CVE-2024-47606: Avoid integer overflow when allocating sysmem. (bsc#1234449)\n- CVE-2024-47606: Fixed an integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes. (boo#1234449)\n- CVE-2024-47613: Fixed a NULL-pointer dereference in gdk-pixbuf decoder. (boo#1234447)\n- CVE-2024-47774: Fixed an integer overflow in AVI subtitle parser that leads to out-of-bounds reads. (boo#1234446)\n- CVE-2024-47775: Fixed various out-of-bounds reads in WAV parser. (boo#1234434)\n- CVE-2024-47776: Fixed various out-of-bounds reads in WAV parser. (boo#1234435)\n- CVE-2024-47777: Fixed various out-of-bounds reads in WAV parser. (boo#1234436)\n- CVE-2024-47778: Fixed various out-of-bounds reads in WAV parser. (boo#1234439)\n- CVE-2024-47834: Fixed a use-after-free in the Matroska demuxer that can cause crashes for certain input files. (boo#1234440)\n","title":"Description of the patch"},{"category":"details","text":"SUSE-2025-63,SUSE-SLE-SERVER-12-SP5-LTSS-2025-63,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-63","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_00063-1.json"},{"category":"self","summary":"URL for SUSE-SU-2025:00063-1","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202500063-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2025:00063-1","url":"https://lists.suse.com/pipermail/sle-updates/2025-June/040461.html"},{"category":"self","summary":"SUSE Bug 1234414","url":"https://bugzilla.suse.com/1234414"},{"category":"self","summary":"SUSE Bug 1234421","url":"https://bugzilla.suse.com/1234421"},{"category":"self","summary":"SUSE Bug 1234424","url":"https://bugzilla.suse.com/1234424"},{"category":"self","summary":"SUSE Bug 1234425","url":"https://bugzilla.suse.com/1234425"},{"category":"self","summary":"SUSE Bug 1234427","url":"https://bugzilla.suse.com/1234427"},{"category":"self","summary":"SUSE Bug 1234428","url":"https://bugzilla.suse.com/1234428"},{"category":"self","summary":"SUSE Bug 1234432","url":"https://bugzilla.suse.com/1234432"},{"category":"self","summary":"SUSE Bug 1234433","url":"https://bugzilla.suse.com/1234433"},{"category":"self","summary":"SUSE Bug 1234434","url":"https://bugzilla.suse.com/1234434"},{"category":"self","summary":"SUSE Bug 1234435","url":"https://bugzilla.suse.com/1234435"},{"category":"self","summary":"SUSE Bug 1234436","url":"https://bugzilla.suse.com/1234436"},{"category":"self","summary":"SUSE Bug 1234439","url":"https://bugzilla.suse.com/1234439"},{"category":"self","summary":"SUSE Bug 1234440","url":"https://bugzilla.suse.com/1234440"},{"category":"self","summary":"SUSE Bug 1234446","url":"https://bugzilla.suse.com/1234446"},{"category":"self","summary":"SUSE Bug 1234447","url":"https://bugzilla.suse.com/1234447"},{"category":"self","summary":"SUSE Bug 1234449","url":"https://bugzilla.suse.com/1234449"},{"category":"self","summary":"SUSE Bug 1234462","url":"https://bugzilla.suse.com/1234462"},{"category":"self","summary":"SUSE Bug 1234473","url":"https://bugzilla.suse.com/1234473"},{"category":"self","summary":"SUSE Bug 1234476","url":"https://bugzilla.suse.com/1234476"},{"category":"self","summary":"SUSE CVE CVE-2024-47537 page","url":"https://www.suse.com/security/cve/CVE-2024-47537/"},{"category":"self","summary":"SUSE CVE CVE-2024-47540 page","url":"https://www.suse.com/security/cve/CVE-2024-47540/"},{"category":"self","summary":"SUSE CVE CVE-2024-47543 page","url":"https://www.suse.com/security/cve/CVE-2024-47543/"},{"category":"self","summary":"SUSE CVE CVE-2024-47544 page","url":"https://www.suse.com/security/cve/CVE-2024-47544/"},{"category":"self","summary":"SUSE CVE CVE-2024-47545 page","url":"https://www.suse.com/security/cve/CVE-2024-47545/"},{"category":"self","summary":"SUSE CVE CVE-2024-47596 page","url":"https://www.suse.com/security/cve/CVE-2024-47596/"},{"category":"self","summary":"SUSE CVE CVE-2024-47597 page","url":"https://www.suse.com/security/cve/CVE-2024-47597/"},{"category":"self","summary":"SUSE CVE CVE-2024-47599 page","url":"https://www.suse.com/security/cve/CVE-2024-47599/"},{"category":"self","summary":"SUSE CVE CVE-2024-47601 page","url":"https://www.suse.com/security/cve/CVE-2024-47601/"},{"category":"self","summary":"SUSE CVE CVE-2024-47602 page","url":"https://www.suse.com/security/cve/CVE-2024-47602/"},{"category":"self","summary":"SUSE CVE CVE-2024-47603 page","url":"https://www.suse.com/security/cve/CVE-2024-47603/"},{"category":"self","summary":"SUSE CVE CVE-2024-47606 page","url":"https://www.suse.com/security/cve/CVE-2024-47606/"},{"category":"self","summary":"SUSE CVE CVE-2024-47613 page","url":"https://www.suse.com/security/cve/CVE-2024-47613/"},{"category":"self","summary":"SUSE CVE CVE-2024-47774 page","url":"https://www.suse.com/security/cve/CVE-2024-47774/"},{"category":"self","summary":"SUSE CVE CVE-2024-47775 page","url":"https://www.suse.com/security/cve/CVE-2024-47775/"},{"category":"self","summary":"SUSE CVE CVE-2024-47776 page","url":"https://www.suse.com/security/cve/CVE-2024-47776/"},{"category":"self","summary":"SUSE CVE CVE-2024-47777 page","url":"https://www.suse.com/security/cve/CVE-2024-47777/"},{"category":"self","summary":"SUSE CVE CVE-2024-47778 page","url":"https://www.suse.com/security/cve/CVE-2024-47778/"},{"category":"self","summary":"SUSE CVE CVE-2024-47834 page","url":"https://www.suse.com/security/cve/CVE-2024-47834/"}],"title":"Security update for gstreamer-plugins-good","tracking":{"current_release_date":"2025-06-24T12:03:30Z","generator":{"date":"2025-06-24T12:03:30Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2025:00063-1","initial_release_date":"2025-06-24T12:03:30Z","revision_history":[{"date":"2025-06-24T12:03:30Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"gstreamer-plugins-good-1.8.3-16.12.1.aarch64","product":{"name":"gstreamer-plugins-good-1.8.3-16.12.1.aarch64","product_id":"gstreamer-plugins-good-1.8.3-16.12.1.aarch64"}},{"category":"product_version","name":"gstreamer-plugins-good-doc-1.8.3-16.12.1.aarch64","product":{"name":"gstreamer-plugins-good-doc-1.8.3-16.12.1.aarch64","product_id":"gstreamer-plugins-good-doc-1.8.3-16.12.1.aarch64"}},{"category":"product_version","name":"gstreamer-plugins-good-extra-1.8.3-16.12.1.aarch64","product":{"name":"gstreamer-plugins-good-extra-1.8.3-16.12.1.aarch64","product_id":"gstreamer-plugins-good-extra-1.8.3-16.12.1.aarch64"}}],"category":"architecture","name":"aarch64"},{"branches":[{"category":"product_version","name":"gstreamer-plugins-good-64bit-1.8.3-16.12.1.aarch64_ilp32","product":{"name":"gstreamer-plugins-good-64bit-1.8.3-16.12.1.aarch64_ilp32","product_id":"gstreamer-plugins-good-64bit-1.8.3-16.12.1.aarch64_ilp32"}},{"category":"product_version","name":"gstreamer-plugins-good-extra-64bit-1.8.3-16.12.1.aarch64_ilp32","product":{"name":"gstreamer-plugins-good-extra-64bit-1.8.3-16.12.1.aarch64_ilp32","product_id":"gstreamer-plugins-good-extra-64bit-1.8.3-16.12.1.aarch64_ilp32"}}],"category":"architecture","name":"aarch64_ilp32"},{"branches":[{"category":"product_version","name":"gstreamer-plugins-good-1.8.3-16.12.1.i586","product":{"name":"gstreamer-plugins-good-1.8.3-16.12.1.i586","product_id":"gstreamer-plugins-good-1.8.3-16.12.1.i586"}},{"category":"product_version","name":"gstreamer-plugins-good-doc-1.8.3-16.12.1.i586","product":{"name":"gstreamer-plugins-good-doc-1.8.3-16.12.1.i586","product_id":"gstreamer-plugins-good-doc-1.8.3-16.12.1.i586"}},{"category":"product_version","name":"gstreamer-plugins-good-extra-1.8.3-16.12.1.i586","product":{"name":"gstreamer-plugins-good-extra-1.8.3-16.12.1.i586","product_id":"gstreamer-plugins-good-extra-1.8.3-16.12.1.i586"}}],"category":"architecture","name":"i586"},{"branches":[{"category":"product_version","name":"gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","product":{"name":"gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","product_id":"gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"}}],"category":"architecture","name":"noarch"},{"branches":[{"category":"product_version","name":"gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","product":{"name":"gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","product_id":"gstreamer-plugins-good-1.8.3-16.12.1.ppc64le"}},{"category":"product_version","name":"gstreamer-plugins-good-doc-1.8.3-16.12.1.ppc64le","product":{"name":"gstreamer-plugins-good-doc-1.8.3-16.12.1.ppc64le","product_id":"gstreamer-plugins-good-doc-1.8.3-16.12.1.ppc64le"}},{"category":"product_version","name":"gstreamer-plugins-good-extra-1.8.3-16.12.1.ppc64le","product":{"name":"gstreamer-plugins-good-extra-1.8.3-16.12.1.ppc64le","product_id":"gstreamer-plugins-good-extra-1.8.3-16.12.1.ppc64le"}}],"category":"architecture","name":"ppc64le"},{"branches":[{"category":"product_version","name":"gstreamer-plugins-good-1.8.3-16.12.1.s390","product":{"name":"gstreamer-plugins-good-1.8.3-16.12.1.s390","product_id":"gstreamer-plugins-good-1.8.3-16.12.1.s390"}},{"category":"product_version","name":"gstreamer-plugins-good-doc-1.8.3-16.12.1.s390","product":{"name":"gstreamer-plugins-good-doc-1.8.3-16.12.1.s390","product_id":"gstreamer-plugins-good-doc-1.8.3-16.12.1.s390"}},{"category":"product_version","name":"gstreamer-plugins-good-extra-1.8.3-16.12.1.s390","product":{"name":"gstreamer-plugins-good-extra-1.8.3-16.12.1.s390","product_id":"gstreamer-plugins-good-extra-1.8.3-16.12.1.s390"}}],"category":"architecture","name":"s390"},{"branches":[{"category":"product_version","name":"gstreamer-plugins-good-1.8.3-16.12.1.s390x","product":{"name":"gstreamer-plugins-good-1.8.3-16.12.1.s390x","product_id":"gstreamer-plugins-good-1.8.3-16.12.1.s390x"}},{"category":"product_version","name":"gstreamer-plugins-good-32bit-1.8.3-16.12.1.s390x","product":{"name":"gstreamer-plugins-good-32bit-1.8.3-16.12.1.s390x","product_id":"gstreamer-plugins-good-32bit-1.8.3-16.12.1.s390x"}},{"category":"product_version","name":"gstreamer-plugins-good-doc-1.8.3-16.12.1.s390x","product":{"name":"gstreamer-plugins-good-doc-1.8.3-16.12.1.s390x","product_id":"gstreamer-plugins-good-doc-1.8.3-16.12.1.s390x"}},{"category":"product_version","name":"gstreamer-plugins-good-extra-1.8.3-16.12.1.s390x","product":{"name":"gstreamer-plugins-good-extra-1.8.3-16.12.1.s390x","product_id":"gstreamer-plugins-good-extra-1.8.3-16.12.1.s390x"}},{"category":"product_version","name":"gstreamer-plugins-good-extra-32bit-1.8.3-16.12.1.s390x","product":{"name":"gstreamer-plugins-good-extra-32bit-1.8.3-16.12.1.s390x","product_id":"gstreamer-plugins-good-extra-32bit-1.8.3-16.12.1.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"gstreamer-plugins-good-1.8.3-16.12.1.x86_64","product":{"name":"gstreamer-plugins-good-1.8.3-16.12.1.x86_64","product_id":"gstreamer-plugins-good-1.8.3-16.12.1.x86_64"}},{"category":"product_version","name":"gstreamer-plugins-good-32bit-1.8.3-16.12.1.x86_64","product":{"name":"gstreamer-plugins-good-32bit-1.8.3-16.12.1.x86_64","product_id":"gstreamer-plugins-good-32bit-1.8.3-16.12.1.x86_64"}},{"category":"product_version","name":"gstreamer-plugins-good-doc-1.8.3-16.12.1.x86_64","product":{"name":"gstreamer-plugins-good-doc-1.8.3-16.12.1.x86_64","product_id":"gstreamer-plugins-good-doc-1.8.3-16.12.1.x86_64"}},{"category":"product_version","name":"gstreamer-plugins-good-extra-1.8.3-16.12.1.x86_64","product":{"name":"gstreamer-plugins-good-extra-1.8.3-16.12.1.x86_64","product_id":"gstreamer-plugins-good-extra-1.8.3-16.12.1.x86_64"}},{"category":"product_version","name":"gstreamer-plugins-good-extra-32bit-1.8.3-16.12.1.x86_64","product":{"name":"gstreamer-plugins-good-extra-32bit-1.8.3-16.12.1.x86_64","product_id":"gstreamer-plugins-good-extra-32bit-1.8.3-16.12.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP5-LTSS","product":{"name":"SUSE Linux Enterprise Server 12 SP5-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP5-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:12:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5","product":{"name":"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5","product_id":"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss-extended-security:12:sp5"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"gstreamer-plugins-good-1.8.3-16.12.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64"},"product_reference":"gstreamer-plugins-good-1.8.3-16.12.1.aarch64","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5-LTSS"},{"category":"default_component_of","full_product_name":{"name":"gstreamer-plugins-good-1.8.3-16.12.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le"},"product_reference":"gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5-LTSS"},{"category":"default_component_of","full_product_name":{"name":"gstreamer-plugins-good-1.8.3-16.12.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x"},"product_reference":"gstreamer-plugins-good-1.8.3-16.12.1.s390x","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5-LTSS"},{"category":"default_component_of","full_product_name":{"name":"gstreamer-plugins-good-1.8.3-16.12.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64"},"product_reference":"gstreamer-plugins-good-1.8.3-16.12.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5-LTSS"},{"category":"default_component_of","full_product_name":{"name":"gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"},"product_reference":"gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5-LTSS"},{"category":"default_component_of","full_product_name":{"name":"gstreamer-plugins-good-1.8.3-16.12.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5","product_id":"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64"},"product_reference":"gstreamer-plugins-good-1.8.3-16.12.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5","product_id":"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"},"product_reference":"gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","relates_to_product_reference":"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"}]},"vulnerabilities":[{"cve":"CVE-2024-47537","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-47537"}],"notes":[{"category":"general","text":"GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]},"references":[{"category":"external","summary":"CVE-2024-47537","url":"https://www.suse.com/security/cve/CVE-2024-47537"},{"category":"external","summary":"SUSE Bug 1234414 for CVE-2024-47537","url":"https://bugzilla.suse.com/1234414"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"threats":[{"category":"impact","date":"2025-06-24T12:03:30Z","details":"important"}],"title":"CVE-2024-47537"},{"cve":"CVE-2024-47540","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-47540"}],"notes":[{"category":"general","text":"GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem->allocator->mem_unmap_full or mem->allocator->mem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]},"references":[{"category":"external","summary":"CVE-2024-47540","url":"https://www.suse.com/security/cve/CVE-2024-47540"},{"category":"external","summary":"SUSE Bug 1234421 for CVE-2024-47540","url":"https://bugzilla.suse.com/1234421"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"threats":[{"category":"impact","date":"2025-06-24T12:03:30Z","details":"important"}],"title":"CVE-2024-47540"},{"cve":"CVE-2024-47543","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-47543"}],"notes":[{"category":"general","text":"GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemux_parse_container function within qtdemux.c. In the parent function qtdemux_parse_node, the value of length is not well checked. So, if length is big enough, it causes the pointer end to point beyond the boundaries of buffer. Subsequently, in the qtdemux_parse_container function, the while loop can trigger an OOB-read, accessing memory beyond the bounds of buf. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]},"references":[{"category":"external","summary":"CVE-2024-47543","url":"https://www.suse.com/security/cve/CVE-2024-47543"},{"category":"external","summary":"SUSE Bug 1234462 for CVE-2024-47543","url":"https://bugzilla.suse.com/1234462"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":6.2,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"products":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"threats":[{"category":"impact","date":"2025-06-24T12:03:30Z","details":"moderate"}],"title":"CVE-2024-47543"},{"cve":"CVE-2024-47544","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-47544"}],"notes":[{"category":"general","text":"GStreamer is a library for constructing graphs of media-handling components. The function qtdemux_parse_sbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]},"references":[{"category":"external","summary":"CVE-2024-47544","url":"https://www.suse.com/security/cve/CVE-2024-47544"},{"category":"external","summary":"SUSE Bug 1234473 for CVE-2024-47544","url":"https://bugzilla.suse.com/1234473"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":6.2,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"threats":[{"category":"impact","date":"2025-06-24T12:03:30Z","details":"moderate"}],"title":"CVE-2024-47544"},{"cve":"CVE-2024-47545","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-47545"}],"notes":[{"category":"general","text":"GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happens, the subsequent call to gst_buffer_fill will invoke memcpy with a large tocopy size, resulting in an OOB-read. This vulnerability is fixed in 1.24.10.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]},"references":[{"category":"external","summary":"CVE-2024-47545","url":"https://www.suse.com/security/cve/CVE-2024-47545"},{"category":"external","summary":"SUSE Bug 1234476 for CVE-2024-47545","url":"https://bugzilla.suse.com/1234476"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":6.2,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"threats":[{"category":"impact","date":"2025-06-24T12:03:30Z","details":"moderate"}],"title":"CVE-2024-47545"},{"cve":"CVE-2024-47596","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-47596"}],"notes":[{"category":"general","text":"GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining size of the data buffer, it can lead to an OOB-read in the following call to gst_buffer_fill, which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]},"references":[{"category":"external","summary":"CVE-2024-47596","url":"https://www.suse.com/security/cve/CVE-2024-47596"},{"category":"external","summary":"SUSE Bug 1234424 for CVE-2024-47596","url":"https://bugzilla.suse.com/1234424"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"threats":[{"category":"impact","date":"2025-06-24T12:03:30Z","details":"moderate"}],"title":"CVE-2024-47596"},{"cve":"CVE-2024-47597","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-47597"}],"notes":[{"category":"general","text":"GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code snippet shows the call to qt_atom_parser_get_offset_unchecked, which leads to the OOB-read when parsing the provided GHSL-2024-245_crash1.mp4 file. This issue may lead to read up to 8 bytes out-of-bounds. This vulnerability is fixed in 1.24.10.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]},"references":[{"category":"external","summary":"CVE-2024-47597","url":"https://www.suse.com/security/cve/CVE-2024-47597"},{"category":"external","summary":"SUSE Bug 1234425 for CVE-2024-47597","url":"https://bugzilla.suse.com/1234425"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"threats":[{"category":"impact","date":"2025-06-24T12:03:30Z","details":"moderate"}],"title":"CVE-2024-47597"},{"cve":"CVE-2024-47599","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-47599"}],"notes":[{"category":"general","text":"GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output_state. When this happens, dereferences of the outstate pointer will lead to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]},"references":[{"category":"external","summary":"CVE-2024-47599","url":"https://www.suse.com/security/cve/CVE-2024-47599"},{"category":"external","summary":"SUSE Bug 1234427 for CVE-2024-47599","url":"https://bugzilla.suse.com/1234427"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"threats":[{"category":"impact","date":"2025-06-24T12:03:30Z","details":"moderate"}],"title":"CVE-2024-47599"},{"cve":"CVE-2024-47601","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-47601"}],"notes":[{"category":"general","text":"GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity of the GstBuffer *sub pointer before performing dereferences. As a result, null pointer dereferences may occur. This vulnerability is fixed in 1.24.10.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]},"references":[{"category":"external","summary":"CVE-2024-47601","url":"https://www.suse.com/security/cve/CVE-2024-47601"},{"category":"external","summary":"SUSE Bug 1234428 for CVE-2024-47601","url":"https://bugzilla.suse.com/1234428"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"threats":[{"category":"impact","date":"2025-06-24T12:03:30Z","details":"moderate"}],"title":"CVE-2024-47601"},{"cve":"CVE-2024-47602","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-47602"}],"notes":[{"category":"general","text":"GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->codec_priv pointer in the following code. If stream->codec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference a null pointer, leading to a crash of the application. This vulnerability is fixed in 1.24.10.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]},"references":[{"category":"external","summary":"CVE-2024-47602","url":"https://www.suse.com/security/cve/CVE-2024-47602"},{"category":"external","summary":"SUSE Bug 1234432 for CVE-2024-47602","url":"https://bugzilla.suse.com/1234432"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"threats":[{"category":"impact","date":"2025-06-24T12:03:30Z","details":"moderate"}],"title":"CVE-2024-47602"},{"cve":"CVE-2024-47603","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-47603"}],"notes":[{"category":"general","text":"GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_update_tracks function within matroska-demux.c. The vulnerability occurs when the gst_caps_is_equal function is called with invalid caps values. If this happen, then in the function gst_buffer_get_size the call to GST_BUFFER_MEM_PTR can return a null pointer. Attempting to dereference the size field of this null pointer results in a null pointer dereference. This vulnerability is fixed in 1.24.10.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]},"references":[{"category":"external","summary":"CVE-2024-47603","url":"https://www.suse.com/security/cve/CVE-2024-47603"},{"category":"external","summary":"SUSE Bug 1234433 for CVE-2024-47603","url":"https://bugzilla.suse.com/1234433"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"threats":[{"category":"impact","date":"2025-06-24T12:03:30Z","details":"moderate"}],"title":"CVE-2024-47603"},{"cve":"CVE-2024-47606","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-47606"}],"notes":[{"category":"general","text":"GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. The function _sysmem_new_block adds alignment and header size to the (unsigned) size, causing the overflow of the 'slice_size' variable. As a result, only 0x89 bytes are allocated, despite the large input size. When the following memcpy call occurs in gst_buffer_fill, the data from the input file will overwrite the content of the GstMapInfo info structure. Finally, during the call to gst_memory_unmap, the overwritten memory may cause a function pointer hijack, as the mem->allocator->mem_unmap_full function is called with a corrupted pointer. This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. This vulnerability is fixed in 1.24.10.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]},"references":[{"category":"external","summary":"CVE-2024-47606","url":"https://www.suse.com/security/cve/CVE-2024-47606"},{"category":"external","summary":"SUSE Bug 1234449 for CVE-2024-47606","url":"https://bugzilla.suse.com/1234449"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"threats":[{"category":"impact","date":"2025-06-24T12:03:30Z","details":"important"}],"title":"CVE-2024-47606"},{"cve":"CVE-2024-47613","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-47613"}],"notes":[{"category":"general","text":"GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix` is expected to point to the frame 0 from the frame structure, which is read from the input file. However, in certain situations, it can points to a NULL frame, causing the subsequent call to `memcpy` to attempt writing to the null address (0x00), leading to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]},"references":[{"category":"external","summary":"CVE-2024-47613","url":"https://www.suse.com/security/cve/CVE-2024-47613"},{"category":"external","summary":"SUSE Bug 1234447 for CVE-2024-47613","url":"https://bugzilla.suse.com/1234447"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"threats":[{"category":"impact","date":"2025-06-24T12:03:30Z","details":"moderate"}],"title":"CVE-2024-47613"},{"cve":"CVE-2024-47774","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-47774"}],"notes":[{"category":"general","text":"GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. Then, the a condition, does not properly handle cases where name_length is greater than 0xFFFFFFFF - 17, causing an integer overflow. In such scenario, the function attempts to access memory beyond the buffer leading to an OOB-read. This vulnerability is fixed in 1.24.10.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]},"references":[{"category":"external","summary":"CVE-2024-47774","url":"https://www.suse.com/security/cve/CVE-2024-47774"},{"category":"external","summary":"SUSE Bug 1234446 for CVE-2024-47774","url":"https://bugzilla.suse.com/1234446"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"threats":[{"category":"impact","date":"2025-06-24T12:03:30Z","details":"moderate"}],"title":"CVE-2024-47774"},{"cve":"CVE-2024-47775","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-47775"}],"notes":[{"category":"general","text":"GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multiple GST_READ_UINT32_LE operations without performing boundary checks. This can lead to an OOB-read when buf is smaller than expected. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]},"references":[{"category":"external","summary":"CVE-2024-47775","url":"https://www.suse.com/security/cve/CVE-2024-47775"},{"category":"external","summary":"SUSE Bug 1234434 for CVE-2024-47775","url":"https://bugzilla.suse.com/1234434"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"threats":[{"category":"impact","date":"2025-06-24T12:03:30Z","details":"moderate"}],"title":"CVE-2024-47775"},{"cve":"CVE-2024-47776","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-47776"}],"notes":[{"category":"general","text":"GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch causes the comparison  if (size < 4 + ncues * 24) to fail in some cases, allowing the subsequent loop to access beyond the bounds of the data buffer. The root cause of this discrepancy stems from a miscalculation when clipping the chunk size based on upstream data size. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]},"references":[{"category":"external","summary":"CVE-2024-47776","url":"https://www.suse.com/security/cve/CVE-2024-47776"},{"category":"external","summary":"SUSE Bug 1234435 for CVE-2024-47776","url":"https://bugzilla.suse.com/1234435"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"threats":[{"category":"impact","date":"2025-06-24T12:03:30Z","details":"moderate"}],"title":"CVE-2024-47776"},{"cve":"CVE-2024-47777","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-47777"}],"notes":[{"category":"general","text":"GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is sufficient. If the buffer is too small, the function reads beyond its bounds. This vulnerability may result in reading 4 bytes out of the boundaries of the data buffer. This vulnerability is fixed in 1.24.10.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]},"references":[{"category":"external","summary":"CVE-2024-47777","url":"https://www.suse.com/security/cve/CVE-2024-47777"},{"category":"external","summary":"SUSE Bug 1234436 for CVE-2024-47777","url":"https://bugzilla.suse.com/1234436"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"threats":[{"category":"impact","date":"2025-06-24T12:03:30Z","details":"moderate"}],"title":"CVE-2024-47777"},{"cve":"CVE-2024-47778","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-47778"}],"notes":[{"category":"general","text":"GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. As a result, an OOB read occurs in the following while loop. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]},"references":[{"category":"external","summary":"CVE-2024-47778","url":"https://www.suse.com/security/cve/CVE-2024-47778"},{"category":"external","summary":"SUSE Bug 1234439 for CVE-2024-47778","url":"https://bugzilla.suse.com/1234439"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"threats":[{"category":"impact","date":"2025-06-24T12:03:30Z","details":"moderate"}],"title":"CVE-2024-47778"},{"cve":"CVE-2024-47834","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-47834"}],"notes":[{"category":"general","text":"GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function, by the call to g_free (track->codec_priv). Finally, the freed memory is accessed in the caps_serialize function through gst_value_serialize_buffer. The freed memory will be accessed in the gst_value_serialize_buffer function. This results in a UAF read vulnerability, as the function tries to process memory that has already been freed. This vulnerability is fixed in 1.24.10.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]},"references":[{"category":"external","summary":"CVE-2024-47834","url":"https://www.suse.com/security/cve/CVE-2024-47834"},{"category":"external","summary":"SUSE Bug 1234440 for CVE-2024-47834","url":"https://bugzilla.suse.com/1234440"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.aarch64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.ppc64le","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.s390x","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server 12 SP5-LTSS:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-1.8.3-16.12.1.x86_64","SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gstreamer-plugins-good-lang-1.8.3-16.12.1.noarch"]}],"threats":[{"category":"impact","date":"2025-06-24T12:03:30Z","details":"moderate"}],"title":"CVE-2024-47834"}]}