-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 27 Feb 2025 19:37:56 +0000
Source: gst-plugins-good1.0
Architecture: source
Version: 1.18.4-2+deb11u3
Distribution: bullseye-security
Urgency: medium
Maintainer: Maintainers of GStreamer packages <gst-plugins-good1.0@packages.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Changes:
gst-plugins-good1.0 (1.18.4-2+deb11u3) bullseye-security; urgency=medium
.
* Non maintainer upload by LTS security team.
* Fix CVE-2024-47537:
OOB-write in isomp4/qtdemux.c
(GHSL-2024-094, GHSL-2024-237, GHSL-2024-241)
* Fix CVE-2024-47539:
An out-of-bounds write vulnerability was identified in the convert_to_s334_1a
function in isomp4/qtdemux.c.
The vulnerability arises due to a discrepancy between the size of memory
allocated to the storage array and the loop condition i * 2 < ccpair_size.
Specifically, when ccpair_size is even, the allocated size in storage does not
match the loop’s expected bounds, resulting in an out-of-bounds write.
(GHSL-2024-195)
* Fix CVE-2024-47540:
matroskademux: Only unmap GstMapInfo in WavPack header extraction error
paths if previously mapped (GHSL-2024-197)
* Fix CVE-2024-47543:
An OOB-read vulnerability has been discovered in qtdemux_parse_container
function within qtdemux.c.
In the parent function qtdemux_parse_node, the value of length is not
well checked. So, if length is big enough, it causes the pointer end
to point beyond the boundaries of buffer.
(GHSL-2024-236)
* Fix CVE-2024-47544:
An Insufficient error handling was found in the JPEG decoder
that can lead to NULL-pointer dereferences, and that can cause
crashes for certain input files.
(GHSL-2024-238, GHSL-2024-239, GHSL-2024-240)
* Fix CVE-2024-47545:
An integer underflow has been detected in qtdemux_parse_trak function
within qtdemux.c.
During the strf parsing case, the subtraction size -= 40 can lead to
a negative integer overflow if it is less than 40
(GHSL-2024-242)
* Fix CVE-2024-47546:
An integer underflow was found in the MP4/MOV demuxer that can lead to
out-of-bounds reads and that can cause crashes for certain input files.
(GHSL-2024-243)
* Fix CVE-2024-47596:
An Out of Bound read has been discovered in the qtdemux_parse_svq3_stsd_data
function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read
from the input file without proper validation. If seqh_size is greater than
the remaining size of the data buffer, it can lead to an OOB-read in the
following call to gst_buffer_fill, which internally uses memcpy.
This vulnerability can result in reading up to 4GB of process memory
or potentially causing a segmentation fault (SEGV) when accessing
invalid memory. (GHSL-2024-244)
* Fix CVE-2024-47597:
Multiple out-of-bounds reads were found in the MP4/MOV demuxer's sample
table parsing and lack of error checking that can cause crashes
for certain input files
(GHSL-2024-245)
* Fix CVE-2024-47598:
An OOB-read vulnerability has been discovered in the
qtdemux_merge_sample_table function within qtdemux.c.
The problem is that the size of the stts buffer isn’t properly
checked before reading stts_duration, allowing the program to read 4 bytes
beyond the boundaries of stts->data
(GHSL-2024-246)
* Fix CVE-2024-47599:
An Insufficient error handling was found in the JPEG decoder
that can lead to NULL-pointer dereferences, and that can cause
crashes for certain input files.
* Fix CVE-2024-47601
A NULL pointer dereference was found in function
gst_matroska_demux_parse_blockgroup_or_simpleblock in GStreamer
(GHSL-2024-249)
* Fix CVE-2024-47602:
A null pointer dereference vulnerability has been discovered in
the gst_matroska_demux_add_wvpk_header function within matroska-demux.c.
(GHSL-2024-250)
* Fix CVE-2024-47603:
A NULL pointer dereference vulnerability has been discovered in
the gst_matroska_demux_update_tracks function within matroska-demux.c.
The vulnerability occurs when the gst_caps_is_equal function is called with
invalid caps values. If this happen, then in the function gst_buffer_get_size
the call to GST_BUFFER_MEM_PTR can return a null pointer. Attempting to
dereference the size field of this null pointer results in a null
pointer dereference. (GHSL-2024-251)
* Fix CVE-2024-47606:
An Integer overflow was found in the MP4/MOV demuxer
and memory allocator that can lead to out-of-bounds
writes and that can cause crashes for certain input files.
* Fix CVE-2024-47613:
A NULL-pointer dereference was found in the gdk-pixbuf
decoder that can cause crashes for certain input files.
* Fix CVE-2024-47774:
An integer overflow was found in the AVI subtitle parser
that can lead to out-of-bounds reads and can cause crashes
for certain input files (GHSL-2024-262)
* Fix CVE-2024-47775:
An out of bound read was found before reading ds64 chunk.
* Fix CVE-2024-47776:
An out of bound read has been discovered in gst_wavparse_cue_chunk
within gstwavparse.c. The vulnerability happens due to a
discrepancy between the size of the data buffer and the size
value provided to the function. This mismatch causes the
comparison if (size < 4 + ncues * 24) to fail in some cases,
allowing the subsequent loop to access beyond the bounds of
the data buffer.
* Fix CVE-2024-47777:
An out of bound read vulnerability has been identified in
the gst_wavparse_smpl_chunk function within gstwavparse.c.
This function attempts to read 4 bytes from the data + 12 offset
without checking if the size of the data buffer is sufficient.
* Fix CVE-2024-47778:
Make sure enough data for the tag list tag is available before
parsing (GHSL-2024-258)
* Fix CVE-2024-47834:
A use-after-free was found in the Matroska demuxer that can cause
crashes for certain input files. (GHSL-2024-280)
* wavparse: Fix parsing of acid chunk
* wavparse: Check that at least 4 bytes are available before parsing cue
chunks
* wavparse: Check for short reads when parsing headers in pull mode
(CVE-2024-47778, GHSL-2024-258, CVE-2024-47776, GHSL-2024-260)
* matroskademux: Fix off-by-one when parsing multi-channel WavPack
Checksums-Sha1:
f27c7fa1ac65c5098e3cc866e19dc49bc0af1584 3584 gst-plugins-good1.0_1.18.4-2+deb11u3.dsc
aaf8f2aa0bb58cad638b32d0d44a183ed7e7f8b0 3277572 gst-plugins-good1.0_1.18.4.orig.tar.xz
b4ba526f882fc816b6e3a6efde59c5ecbf36b25f 52192 gst-plugins-good1.0_1.18.4-2+deb11u3.debian.tar.xz
00ec6d3dbc25990367f4ee0df8a30cc94c8fbf0c 21866 gst-plugins-good1.0_1.18.4-2+deb11u3_amd64.buildinfo
Checksums-Sha256:
801790a069ec90ae9da1ab2c229ee4df68d364194ea84c0ed3799f1cc37d088a 3584 gst-plugins-good1.0_1.18.4-2+deb11u3.dsc
b6e50e3a9bbcd56ee6ec71c33aa8332cc9c926b0c1fae995aac8b3040ebe39b0 3277572 gst-plugins-good1.0_1.18.4.orig.tar.xz
68f8c583cf40970049351cfcd22a54f7a9fa1e2d9399684bced6d6648a717ab9 52192 gst-plugins-good1.0_1.18.4-2+deb11u3.debian.tar.xz
1428e042d71d01b29e0772a952c3be2fdbacf2663e81d69aa2cbe3ace9994f7a 21866 gst-plugins-good1.0_1.18.4-2+deb11u3_amd64.buildinfo
Files:
b2e814f39ca09ae8f25612520cadeb02 3584 libs optional gst-plugins-good1.0_1.18.4-2+deb11u3.dsc
4ecf1ac5cd422d9c13fe05dbf5e3df26 3277572 libs optional gst-plugins-good1.0_1.18.4.orig.tar.xz
9099a92a621df00e51a053e146ef976d 52192 libs optional gst-plugins-good1.0_1.18.4-2+deb11u3.debian.tar.xz
518f2d365b5e7edc005df8a52f2f02b6 21866 libs optional gst-plugins-good1.0_1.18.4-2+deb11u3_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmfA1FsACgkQADoaLapB
CF8oKw//TWmANs1JWRByyZfp4NsSM6qxgWuGbBBmyMxYfIoc/pivgqAMiIDOyLoL
l/5jDtJYafgVNBf6HMRERYt+sgm0+cbmjns/0XKzFpTisyX5ivUkHLfsHyS9Iace
Ha1kB/G3WtF9YqgUNqzdsWFjrkLksvS0I3L3+a7Z1DqAgzpBSv1A0x1nsHrNxSVs
lD5zpJURFgR2/RD+O9HjMsNqcD7MLhiRERqTNI8JAmh1p4arRL2WyCjmFJKuRtV2
IRCFTnOJd3qt8q+8+RENc7a2Ewgy/A4TQtZ0ECnxT5N4BBtBbm564qhjqdB33EP2
+wLZMD/XNV5oBPmy1v8/0gDkqFSro9rMdoK4z9ONGbI/PUwerMiAAS6v0wfEEM3D
JXevZq9x01YK9tAIMZoEclRlv+u4Pn9zQ4sZpLiDM42ZyWh441n21rjT3FT9M97Y
gb7wViB2r/PXwqNzpWsFWt0ajLTTUn2crLX6FU9/QPczTq+5Zu2f/kD28XgoRHUk
nigLuDQ89c2lA+dfUDuiCNTB83pzRzZX3v//3jt3hhafLycw9uxu+8kZyDaxlBhp
qrJ4TGYtr/X7XgqflRWvFSkb9R8gsntf28lfvkZSp16GoLGGq4oYdl2e1Rh69HMj
KsbYHyYgqAByAq50jGcTCRM/ARAKoqlsCuPy6FVNzJDr7pWkeHM=
=Qm8q
-----END PGP SIGNATURE-----
Attachment:
pgpdpfYvQF6Nq.pgp
Description: PGP signature