Overview

File _patchinfo of Package patchinfo.39157

<patchinfo incident="39157">
  <issue tracker="cve" id="2024-47538"/>
  <issue tracker="cve" id="2024-47835"/>
  <issue tracker="cve" id="2024-47541"/>
  <issue tracker="cve" id="2024-47607"/>
  <issue tracker="cve" id="2024-47542"/>
  <issue tracker="cve" id="2024-47600"/>
  <issue tracker="cve" id="2024-47615"/>
  <issue tracker="cve" id="2025-47808"/>
  <issue tracker="cve" id="2025-47807"/>
  <issue tracker="cve" id="2025-47806"/>
  <issue tracker="bnc" id="1234415">VUL-0: CVE-2024-47538: gstreamer-plugins-base: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet</issue>
  <issue tracker="bnc" id="1234453">VUL-0: CVE-2024-47600: gstreamer-plugins-base: Out-of-bounds read in gst-discoverer-1.0 commandline tool</issue>
  <issue tracker="bnc" id="1234456">VUL-0: CVE-2024-47615: gstreamer-plugins-base: Out-of-bounds write in Ogg demuxer</issue>
  <issue tracker="bnc" id="1234460">VUL-0: CVE-2024-47542: gstreamer-plugins-base: ID3v2 parser out-of-bounds read and NULL-pointer dereference</issue>
  <issue tracker="bnc" id="1234455">VUL-0: CVE-2024-47607: gstreamer-plugins-base: Stack buffer-overflow in Opus decoder</issue>
  <issue tracker="bnc" id="1234450">VUL-0: CVE-2024-47835: gstreamer-plugins-base: NULL-pointer dereference in LRC subtitle parser</issue>
  <issue tracker="bnc" id="1234459">VUL-0: CVE-2024-47541: gstreamer-plugins-base: GStreamer has an out-of-bounds write in SSA subtitle parser</issue>
  <issue tracker="bnc" id="1244404"></issue>
  <issue tracker="bnc" id="1244403"></issue>
  <issue tracker="bnc" id="1244407"></issue>
  <packager>mgorse</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for gstreamer-plugins-base</summary>
  <description>This update for gstreamer-plugins-base fixes the following issues:

- CVE-2024-47538: Fixed stack-buffer overflow in vorbis_handle_identification_packet (bnc#1234415)
- CVE-2024-47600: Fixed out-of-bounds read in gst-discoverer-1.0 commandline tool (bnc#1234453)
- CVE-2024-47615: Fixed out-of-bounds write in Ogg demuxer (bnc#1234456)
- CVE-2024-47542: Fixed ID3v2 parser out-of-bounds read and NULL-pointer dereference (bnc#1234460)
- CVE-2024-47607: Fixed stack buffer-overflow in Opus decoder (bnc#1234455)
- CVE-2024-47835: Fixed NULL-pointer dereference in LRC subtitle parser (bnc#1234450)
- CVE-2024-47541: Fixed out-of-bounds write in SSA subtitle parser (bnc#1234459)
- CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser (boo#1244404)
- CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser (boo#1244403)
- CVE-2025-47806: Fixed Stack buffer overflow in SubRip subtitle parser (boo#1244407)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places