Overview

File _patchinfo of Package patchinfo.36897

<patchinfo incident="36897">
  <issue tracker="cve" id="2024-47600"/>
  <issue tracker="cve" id="2024-47615"/>
  <issue tracker="cve" id="2024-47538"/>
  <issue tracker="cve" id="2024-47835"/>
  <issue tracker="cve" id="2024-47542"/>
  <issue tracker="cve" id="2024-47541"/>
  <issue tracker="cve" id="2024-47607"/>
  <issue tracker="bnc" id="1234453">VUL-0: CVE-2024-47600: gstreamer-plugins-base: Out-of-bounds read in gst-discoverer-1.0 commandline tool</issue>
  <issue tracker="bnc" id="1234460">VUL-0: CVE-2024-47542: gstreamer-plugins-base: ID3v2 parser out-of-bounds read and NULL-pointer dereference</issue>
  <issue tracker="bnc" id="1234450">VUL-0: CVE-2024-47835: gstreamer-plugins-base: NULL-pointer dereference in LRC subtitle parser</issue>
  <issue tracker="bnc" id="1234459">VUL-0: CVE-2024-47541: gstreamer-plugins-base: GStreamer has an out-of-bounds write in SSA subtitle parser</issue>
  <issue tracker="bnc" id="1234415">VUL-0: CVE-2024-47538: gstreamer-plugins-base: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet</issue>
  <issue tracker="bnc" id="1234456">VUL-0: CVE-2024-47615: gstreamer-plugins-base: Out-of-bounds write in Ogg demuxer</issue>
  <issue tracker="bnc" id="1234455">VUL-0: CVE-2024-47607: gstreamer-plugins-base: Stack buffer-overflow in Opus decoder</issue>
  <packager>mgorse</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for gstreamer-plugins-base</summary>
  <description>This update for gstreamer-plugins-base fixes the following issues:

- CVE-2024-47538: Fixed a stack-buffer overflow in vorbis_handle_identification_packet. (bsc#1234415)
- CVE-2024-47835: Fixed a NULL-pointer dereference in LRC subtitle parser. (bsc#1234450)
- CVE-2024-47600: Fixed an out-of-bounds read in gst-discoverer-1.0 commandline tool. (bsc#1234453)
- CVE-2024-47615: Fixed an out-of-bounds write in Ogg demuxer. (bsc#1234456)
- CVE-2024-47541: Fixed an out-of-bounds write in SSA subtitle parser. (bsc#1234459)
- CVE-2024-47542: Fixed an ID3v2 parser out-of-bounds read and NULL-pointer dereference. (bsc#1234460)
- CVE-2024-47607: Fixed a stack buffer-overflow in Opus decoder. (bsc#1234455)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places