| Package | gst-plugins-good1.0 |
|---|---|
| Version | 1.10.4-1+deb9u5 (stretch) |
| Related CVEs | CVE-2024-47543, CVE-2024-47545, CVE-2024-47546, CVE-2024-47597, CVE-2025-47219 |

Multiple vulnerabilities were discovered in plugins for the GStreamer media framework.

CVE-2024-47543:
An OOB-read vulnerability has been discovered in the qtdemux_parse_container function within qtdemux.c. In the parent function qtdemux_parse_node, the value of length is not well checked, so if length is large enough it causes the pointer end to point beyond the boundaries of buffer. Subsequently, in the qtdemux_parse_container function, the while loop can trigger an OOB-read, accessing memory beyond the bounds of buf. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory.

CVE-2024-47545:
An integer underflow has been detected in the qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 underflows if size is less than 40. If this happens, the subsequent call to gst_buffer_fill will invoke memcpy with a large tocopy size, resulting in an OOB-read.

CVE-2024-47546:
An integer underflow has been detected in the extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 underflows if atom_length is less than 8. When that happens, *cclen ends up being a large number, and cclen is then passed to g_memdup2, leading to an out-of-bounds (OOB) read.

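As an added illustration of the arithmetic behind CVE-2024-47545 and CVE-2024-47546 (this is not the qtdemux source), the C below models the unchecked header subtraction beside a bounds-checked version and a copy routine that relies on it; the atom layout, function names and sample atoms are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed model (not GStreamer's code) of the unsigned subtraction
 * behind CVE-2024-47545 (size -= 40) and CVE-2024-47546 (atom_length - 8):
 * subtracting a header size from a smaller operand wraps to a huge length. */

/* Big-endian 32-bit read, the encoding MP4 atom sizes use. */
static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Vulnerable pattern: no check before the subtraction, so a declared
 * atom length of 4 with an 8-byte header yields 0xFFFFFFFC. */
uint32_t payload_len_unchecked(uint32_t atom_length, uint32_t header)
{
    return atom_length - header;
}

/* Hardened pattern: reject atoms shorter than their header and atoms
 * claiming more bytes than the enclosing buffer actually holds. */
bool payload_len_checked(uint32_t atom_length, uint32_t header, size_t avail, uint32_t *out)
{
    if (atom_length < header || atom_length > avail)
        return false;
    *out = atom_length - header;
    return true;
}

/* Copy the payload of the atom at buf into dst; returns bytes copied or
 * -1 for a malformed atom, so memcpy can never run past buf or dst. */
long copy_atom_payload(const uint8_t *buf, size_t avail, uint8_t *dst, size_t dst_cap)
{
    uint32_t payload;
    if (avail < 8 || !payload_len_checked(read_be32(buf), 8, avail, &payload))
        return -1;
    if (payload > dst_cap)
        return -1;
    memcpy(dst, buf + 8, payload);
    return (long)payload;
}

/* Constructed sample atoms: a well-formed 12-byte 'c708' atom carrying
 * 4 payload bytes, and a truncated one whose size field claims only 4. */
const uint8_t SAMPLE_OK[]    = {0, 0, 0, 12, 'c', '7', '0', '8', 1, 2, 3, 4};
const uint8_t SAMPLE_SHORT[] = {0, 0, 0, 4,  'c', '7', '0', '8'};
```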
CVE-2024-47597:
An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The call to qt_atom_parser_get_offset_unchecked leads to the OOB-read when parsing the provided GHSL-2024-245_crash1.mp4 file. This issue may lead to reading up to 8 bytes out-of-bounds.

CVE-2025-47219:
The isomp4 plugin's qtdemux_parse_trak() function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.

For Debian 9 stretch, these problems have been fixed in version 1.10.4-1+deb9u5.
We recommend that you upgrade your gst-plugins-good1.0 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.