Overview

File _patchinfo of Package patchinfo.39155

<patchinfo incident="39155">
  <issue tracker="cve" id="2024-47539"/>
  <issue tracker="cve" id="2024-47601"/>
  <issue tracker="cve" id="2024-47775"/>
  <issue tracker="cve" id="2024-47776"/>
  <issue tracker="cve" id="2024-47546"/>
  <issue tracker="cve" id="2024-47599"/>
  <issue tracker="cve" id="2024-47537"/>
  <issue tracker="cve" id="2024-47597"/>
  <issue tracker="cve" id="2024-47834"/>
  <issue tracker="cve" id="2024-47613"/>
  <issue tracker="cve" id="2024-47603"/>
  <issue tracker="cve" id="2024-47596"/>
  <issue tracker="cve" id="2024-47543"/>
  <issue tracker="cve" id="2024-47777"/>
  <issue tracker="cve" id="2024-47545"/>
  <issue tracker="cve" id="2024-47778"/>
  <issue tracker="cve" id="2024-47544"/>
  <issue tracker="cve" id="2024-47530"/>
  <issue tracker="cve" id="2024-47602"/>
  <issue tracker="cve" id="2024-47774"/>
  <issue tracker="cve" id="2024-47606"/>
  <issue tracker="bnc" id="1234439">VUL-0: CVE-2024-47778: gstreamer-plugins-good: Various out-of-bounds reads in WAV parser</issue>
  <issue tracker="bnc" id="1234432">VUL-0: CVE-2024-47602: gstreamer-plugins-good: NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer</issue>
  <issue tracker="bnc" id="1234435">VUL-0: CVE-2024-47776: gstreamer-plugins-good: Various out-of-bounds reads in WAV parser</issue>
  <issue tracker="bnc" id="1234449">VUL-0: CVE-2024-47606: gstreamer,gstreamer-plugins-good: Integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes</issue>
  <issue tracker="bnc" id="1234440">VUL-0: CVE-2024-47834: gstreamer-plugins-good: A use-after-free in the Matroska demuxer that can cause crashes for certain input files.</issue>
  <issue tracker="bnc" id="1234414">VUL-0: CVE-2024-47537: gstreamer-0_10-plugins-good,gstreamer-plugins-good: OOB-write in isomp4/qtdemux.c</issue>
  <issue tracker="bnc" id="1234433">VUL-0: CVE-2024-47603: gstreamer-plugins-good: NULL-pointer dereference in Matroska/WebM demuxer</issue>
  <issue tracker="bnc" id="1234417">VUL-0: CVE-2024-47539: gstreamer-0_10-plugins-good,gstreamer-plugins-good: OOB-write in convert_to_s334_1a</issue>
  <issue tracker="bnc" id="1234424">VUL-0: CVE-2024-47596: gstreamer-plugins-good: Integer underflow in MP4/MOV demuxer that can lead to out-of-bounds reads</issue>
  <issue tracker="bnc" id="1234427">VUL-0: CVE-2024-47599: gstreamer-plugins-good: Insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences</issue>
  <issue tracker="bnc" id="1234446">VUL-0: CVE-2024-47774: gstreamer-plugins-good: Integer overflow in AVI subtitle parser that leads to out-of-bounds reads</issue>
  <issue tracker="bnc" id="1234421">VUL-0: CVE-2024-47540: gstreamer-0_10-plugins-good,gstreamer-plugins-good: uninitialized stack memory in Matroska/WebM demuxer</issue>
  <issue tracker="bnc" id="1234476">VUL-0: CVE-2024-47545: gstreamer-0_10-plugins-good,gstreamer-plugins-good: integer underflow in FOURCC_strf parsing leading to OOB-read</issue>
  <issue tracker="bnc" id="1234436">VUL-0: CVE-2024-47777: gstreamer-plugins-good: Various out-of-bounds reads in WAV parser</issue>
  <issue tracker="bnc" id="1234477">VUL-0: CVE-2024-47546: gstreamer-0_10-plugins-good,gstreamer-plugins-good: integer underflow in extract_cc_from_data leading to OOB-read</issue>
  <issue tracker="bnc" id="1234473">VUL-0: CVE-2024-47544: gstreamer,gstreamer-0_10: NULL-pointer dereferences in MP4/MOV demuxer CENC handling</issue>
  <issue tracker="bnc" id="1234434">VUL-0: CVE-2024-47775: gstreamer-plugins-good: Various out-of-bounds reads in WAV parser</issue>
  <issue tracker="bnc" id="1234428">VUL-0: CVE-2024-47601: gstreamer-plugins-good: NULL-pointer dereference in Matroska/WebM demuxer</issue>
  <issue tracker="bnc" id="1234425">VUL-0: CVE-2024-47597: gstreamer-plugins-good: Out-of-bounds reads in MP4/MOV demuxer sample table parser</issue>
  <issue tracker="bnc" id="1234462">VUL-0: CVE-2024-47543: gstreamer-0_10-plugins-good,gstreamer-plugins-good: OOB-read in qtdemux_parse_container</issue>
  <issue tracker="bnc" id="1234447">VUL-0: CVE-2024-47613: gstreamer-plugins-good: NULL-pointer dereference in gdk-pixbuf decoder</issue>
  <packager>mgorse</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for gstreamer-plugins-good</summary>
  <description>This update for gstreamer-plugins-good fixes the following issues:

- CVE-2024-47537: Fixed OOB-write in isomp4/qtdemux.c (bsc#1234414)
- CVE-2024-47539: Fixed OOB-write in convert_to_s334_1a (bsc#1234417)
- CVE-2024-47540: Fixed uninitialized stack memory in Matroska/WebM demuxer (bsc#1234421)
- CVE-2024-47543: Fixed OOB-read in qtdemux_parse_container (bsc#1234462)
- CVE-2024-47544: Fixed NULL-pointer dereferences in MP4/MOV demuxer CENC handling (bsc#1234473)
- CVE-2024-47545: Fixed integer underflow in FOURCC_strf parsing leading to OOB-read (bsc#1234476)
- CVE-2024-47546: Fixed integer underflow in extract_cc_from_data leading to OOB-read (bsc#1234477)
- CVE-2024-47596: Fixed integer underflow in MP4/MOV demuxer that can lead to out-of-bounds reads (bsc#1234424)
- CVE-2024-47597: Fixed OOB-reads in MP4/MOV demuxer sample table parser (bsc#1234425)
- CVE-2024-47599: Fixed insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences (bsc#1234427)
- CVE-2024-47601: Fixed NULL-pointer dereference in Matroska/WebM demuxer (bsc#1234428)
- CVE-2024-47602: Fixed NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer (bsc#1234432)
- CVE-2024-47603: Fixed NULL-pointer dereference in Matroska/WebM demuxer (bsc#1234433)
- CVE-2024-47606: Fixed integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (bsc#1234449)
- CVE-2024-47613: Fixed NULL-pointer dereference in gdk-pixbuf decoder (bsc#1234447)
- CVE-2024-47774: Fixed integer overflow in AVI subtitle parser that leads to out-of-bounds reads (bsc#1234446)
- CVE-2024-47775: Fixed various out-of-bounds reads in WAV parser (bsc#1234434)
- CVE-2024-47776: Fixed various out-of-bounds reads in WAV parser (bsc#1234435)
- CVE-2024-47777: Fixed various out-of-bounds reads in WAV parser (bsc#1234436)
- CVE-2024-47778: Fixed various out-of-bounds reads in WAV parser (bsc#1234439)
- CVE-2024-47834: Fixed a use-after-free in the Matroska demuxer that can cause crashes for certain input files (bsc#1234440)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places