gstreamer-plugins-base-1.24.10-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14577-1 Final 1 1 2024-12-13T00:00:00Z current 2024-12-13T00:00:00Z 2024-12-13T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z gstreamer-plugins-base-1.24.10-2.1 on GA media These are all security issues fixed in the gstreamer-plugins-base-1.24.10-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14577 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M64SNUMTNONUECANIAVBUNBV6RTL5TDY/ E-Mail link for openSUSE-SU-2024:14577-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-47538/ SUSE CVE CVE-2024-47538 page https://www.suse.com/security/cve/CVE-2024-47542/ SUSE CVE CVE-2024-47542 page https://www.suse.com/security/cve/CVE-2024-47600/ SUSE CVE CVE-2024-47600 page https://www.suse.com/security/cve/CVE-2024-47615/ SUSE CVE CVE-2024-47615 page https://www.suse.com/security/cve/CVE-2024-47835/ SUSE CVE CVE-2024-47835 page openSUSE Tumbleweed gstreamer-plugins-base-1.24.10-2.1 gstreamer-plugins-base-32bit-1.24.10-2.1 gstreamer-plugins-base-devel-1.24.10-2.1 gstreamer-plugins-base-devel-32bit-1.24.10-2.1 gstreamer-plugins-base-lang-1.24.10-2.1 libgstallocators-1_0-0-1.24.10-2.1 libgstallocators-1_0-0-32bit-1.24.10-2.1 libgstapp-1_0-0-1.24.10-2.1 libgstapp-1_0-0-32bit-1.24.10-2.1 libgstaudio-1_0-0-1.24.10-2.1 libgstaudio-1_0-0-32bit-1.24.10-2.1 libgstfft-1_0-0-1.24.10-2.1 libgstfft-1_0-0-32bit-1.24.10-2.1 libgstgl-1_0-0-1.24.10-2.1 libgstgl-1_0-0-32bit-1.24.10-2.1 libgstpbutils-1_0-0-1.24.10-2.1 libgstpbutils-1_0-0-32bit-1.24.10-2.1 libgstriff-1_0-0-1.24.10-2.1 libgstriff-1_0-0-32bit-1.24.10-2.1 libgstrtp-1_0-0-1.24.10-2.1 libgstrtp-1_0-0-32bit-1.24.10-2.1 libgstrtsp-1_0-0-1.24.10-2.1 libgstrtsp-1_0-0-32bit-1.24.10-2.1 libgstsdp-1_0-0-1.24.10-2.1 libgstsdp-1_0-0-32bit-1.24.10-2.1 libgsttag-1_0-0-1.24.10-2.1 libgsttag-1_0-0-32bit-1.24.10-2.1 libgstvideo-1_0-0-1.24.10-2.1 libgstvideo-1_0-0-32bit-1.24.10-2.1 typelib-1_0-GstAllocators-1_0-1.24.10-2.1 typelib-1_0-GstApp-1_0-1.24.10-2.1 typelib-1_0-GstAudio-1_0-1.24.10-2.1 typelib-1_0-GstGL-1_0-1.24.10-2.1 typelib-1_0-GstGLEGL-1_0-1.24.10-2.1 typelib-1_0-GstGLWayland-1_0-1.24.10-2.1 typelib-1_0-GstGLX11-1_0-1.24.10-2.1 typelib-1_0-GstPbutils-1_0-1.24.10-2.1 typelib-1_0-GstRtp-1_0-1.24.10-2.1 typelib-1_0-GstRtsp-1_0-1.24.10-2.1 typelib-1_0-GstSdp-1_0-1.24.10-2.1 typelib-1_0-GstTag-1_0-1.24.10-2.1 typelib-1_0-GstVideo-1_0-1.24.10-2.1 gstreamer-plugins-base-1.24.10-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-base-32bit-1.24.10-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-base-devel-1.24.10-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-base-devel-32bit-1.24.10-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-base-lang-1.24.10-2.1 as a component of openSUSE Tumbleweed libgstallocators-1_0-0-1.24.10-2.1 as a component of openSUSE Tumbleweed libgstallocators-1_0-0-32bit-1.24.10-2.1 as a component of openSUSE Tumbleweed libgstapp-1_0-0-1.24.10-2.1 as a component of openSUSE Tumbleweed libgstapp-1_0-0-32bit-1.24.10-2.1 as a component of openSUSE Tumbleweed libgstaudio-1_0-0-1.24.10-2.1 as a component of openSUSE Tumbleweed libgstaudio-1_0-0-32bit-1.24.10-2.1 as a component of openSUSE Tumbleweed libgstfft-1_0-0-1.24.10-2.1 as a component of openSUSE Tumbleweed libgstfft-1_0-0-32bit-1.24.10-2.1 as a component of openSUSE Tumbleweed libgstgl-1_0-0-1.24.10-2.1 as a component of openSUSE Tumbleweed libgstgl-1_0-0-32bit-1.24.10-2.1 as a component of openSUSE Tumbleweed libgstpbutils-1_0-0-1.24.10-2.1 as a component of openSUSE Tumbleweed libgstpbutils-1_0-0-32bit-1.24.10-2.1 as a component of openSUSE Tumbleweed libgstriff-1_0-0-1.24.10-2.1 as a component of openSUSE Tumbleweed libgstriff-1_0-0-32bit-1.24.10-2.1 as a component of openSUSE Tumbleweed libgstrtp-1_0-0-1.24.10-2.1 as a component of openSUSE Tumbleweed libgstrtp-1_0-0-32bit-1.24.10-2.1 as a component of openSUSE Tumbleweed libgstrtsp-1_0-0-1.24.10-2.1 as a component of openSUSE Tumbleweed libgstrtsp-1_0-0-32bit-1.24.10-2.1 as a component of openSUSE Tumbleweed libgstsdp-1_0-0-1.24.10-2.1 as a component of openSUSE Tumbleweed libgstsdp-1_0-0-32bit-1.24.10-2.1 as a component of openSUSE Tumbleweed libgsttag-1_0-0-1.24.10-2.1 as a component of openSUSE Tumbleweed libgsttag-1_0-0-32bit-1.24.10-2.1 as a component of openSUSE Tumbleweed libgstvideo-1_0-0-1.24.10-2.1 as a component of openSUSE Tumbleweed libgstvideo-1_0-0-32bit-1.24.10-2.1 as a component of openSUSE Tumbleweed typelib-1_0-GstAllocators-1_0-1.24.10-2.1 as a component of openSUSE Tumbleweed typelib-1_0-GstApp-1_0-1.24.10-2.1 as a component of openSUSE Tumbleweed typelib-1_0-GstAudio-1_0-1.24.10-2.1 as a component of openSUSE Tumbleweed typelib-1_0-GstGL-1_0-1.24.10-2.1 as a component of openSUSE Tumbleweed typelib-1_0-GstGLEGL-1_0-1.24.10-2.1 as a component of openSUSE Tumbleweed typelib-1_0-GstGLWayland-1_0-1.24.10-2.1 as a component of openSUSE Tumbleweed typelib-1_0-GstGLX11-1_0-1.24.10-2.1 as a component of openSUSE Tumbleweed typelib-1_0-GstPbutils-1_0-1.24.10-2.1 as a component of openSUSE Tumbleweed typelib-1_0-GstRtp-1_0-1.24.10-2.1 as a component of openSUSE Tumbleweed typelib-1_0-GstRtsp-1_0-1.24.10-2.1 as a component of openSUSE Tumbleweed typelib-1_0-GstSdp-1_0-1.24.10-2.1 as a component of openSUSE Tumbleweed typelib-1_0-GstTag-1_0-1.24.10-2.1 as a component of openSUSE Tumbleweed typelib-1_0-GstVideo-1_0-1.24.10-2.1 as a component of openSUSE Tumbleweed GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This vulnerability is fixed in 1.24.10. CVE-2024-47538 openSUSE Tumbleweed:gstreamer-plugins-base-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-base-32bit-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-base-devel-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-base-devel-32bit-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-base-lang-1.24.10-2.1 openSUSE Tumbleweed:libgstallocators-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstallocators-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstapp-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstapp-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstaudio-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstaudio-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstfft-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstfft-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstgl-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstgl-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstpbutils-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstpbutils-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstriff-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstriff-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstrtp-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstrtp-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstrtsp-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstrtsp-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstsdp-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstsdp-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgsttag-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgsttag-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstvideo-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstvideo-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstAllocators-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstApp-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstAudio-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstGL-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstGLEGL-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstGLWayland-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstGLX11-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstPbutils-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstRtp-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstRtsp-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstSdp-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstTag-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstVideo-1_0-1.24.10-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M64SNUMTNONUECANIAVBUNBV6RTL5TDY/ https://www.suse.com/security/cve/CVE-2024-47538.html CVE-2024-47538 https://bugzilla.suse.com/1234415 SUSE Bug 1234415 GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10. CVE-2024-47542 openSUSE Tumbleweed:gstreamer-plugins-base-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-base-32bit-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-base-devel-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-base-devel-32bit-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-base-lang-1.24.10-2.1 openSUSE Tumbleweed:libgstallocators-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstallocators-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstapp-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstapp-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstaudio-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstaudio-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstfft-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstfft-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstgl-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstgl-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstpbutils-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstpbutils-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstriff-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstriff-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstrtp-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstrtp-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstrtsp-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstrtsp-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstsdp-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstsdp-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgsttag-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgsttag-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstvideo-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstvideo-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstAllocators-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstApp-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstAudio-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstGL-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstGLEGL-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstGLWayland-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstGLX11-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstPbutils-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstRtp-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstRtsp-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstSdp-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstTag-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstVideo-1_0-1.24.10-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M64SNUMTNONUECANIAVBUNBV6RTL5TDY/ https://www.suse.com/security/cve/CVE-2024-47542.html CVE-2024-47542 https://bugzilla.suse.com/1234460 SUSE Bug 1234460 GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10. CVE-2024-47600 openSUSE Tumbleweed:gstreamer-plugins-base-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-base-32bit-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-base-devel-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-base-devel-32bit-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-base-lang-1.24.10-2.1 openSUSE Tumbleweed:libgstallocators-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstallocators-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstapp-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstapp-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstaudio-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstaudio-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstfft-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstfft-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstgl-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstgl-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstpbutils-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstpbutils-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstriff-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstriff-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstrtp-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstrtp-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstrtsp-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstrtsp-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstsdp-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstsdp-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgsttag-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgsttag-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstvideo-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstvideo-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstAllocators-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstApp-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstAudio-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstGL-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstGLEGL-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstGLWayland-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstGLX11-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstPbutils-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstRtp-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstRtsp-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstSdp-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstTag-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstVideo-1_0-1.24.10-2.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M64SNUMTNONUECANIAVBUNBV6RTL5TDY/ https://www.suse.com/security/cve/CVE-2024-47600.html CVE-2024-47600 https://bugzilla.suse.com/1234453 SUSE Bug 1234453 GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10. CVE-2024-47615 openSUSE Tumbleweed:gstreamer-plugins-base-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-base-32bit-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-base-devel-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-base-devel-32bit-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-base-lang-1.24.10-2.1 openSUSE Tumbleweed:libgstallocators-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstallocators-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstapp-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstapp-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstaudio-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstaudio-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstfft-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstfft-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstgl-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstgl-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstpbutils-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstpbutils-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstriff-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstriff-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstrtp-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstrtp-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstrtsp-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstrtsp-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstsdp-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstsdp-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgsttag-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgsttag-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstvideo-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstvideo-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstAllocators-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstApp-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstAudio-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstGL-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstGLEGL-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstGLWayland-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstGLX11-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstPbutils-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstRtp-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstRtsp-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstSdp-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstTag-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstVideo-1_0-1.24.10-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M64SNUMTNONUECANIAVBUNBV6RTL5TDY/ https://www.suse.com/security/cve/CVE-2024-47615.html CVE-2024-47615 https://bugzilla.suse.com/1234456 SUSE Bug 1234456 GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer returned by this call is then passed to g_strdup(). However, if the string line does not contain the character ']', strchr() returns NULL, and a call to g_strdup(start + 1) leads to a null pointer dereference. This vulnerability is fixed in 1.24.10. CVE-2024-47835 openSUSE Tumbleweed:gstreamer-plugins-base-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-base-32bit-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-base-devel-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-base-devel-32bit-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-base-lang-1.24.10-2.1 openSUSE Tumbleweed:libgstallocators-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstallocators-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstapp-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstapp-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstaudio-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstaudio-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstfft-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstfft-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstgl-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstgl-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstpbutils-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstpbutils-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstriff-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstriff-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstrtp-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstrtp-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstrtsp-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstrtsp-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstsdp-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstsdp-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgsttag-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgsttag-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:libgstvideo-1_0-0-1.24.10-2.1 openSUSE Tumbleweed:libgstvideo-1_0-0-32bit-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstAllocators-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstApp-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstAudio-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstGL-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstGLEGL-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstGLWayland-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstGLX11-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstPbutils-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstRtp-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstRtsp-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstSdp-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstTag-1_0-1.24.10-2.1 openSUSE Tumbleweed:typelib-1_0-GstVideo-1_0-1.24.10-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M64SNUMTNONUECANIAVBUNBV6RTL5TDY/ https://www.suse.com/security/cve/CVE-2024-47835.html CVE-2024-47835 https://bugzilla.suse.com/1234450 SUSE Bug 1234450