{"id":"SUSE-SU-2025:02055-1","summary":"Security update for gstreamer-plugins-good","details":"This update for gstreamer-plugins-good fixes the following issues:\n\n- CVE-2024-47537: Fixed OOB-write in isomp4/qtdemux.c (bsc#1234414)\n- CVE-2024-47539: Fixed OOB-write in convert_to_s334_1a (bsc#1234417)\n- CVE-2024-47540: Fixed uninitialized stack memory in Matroska/WebM demuxer (bsc#1234421)\n- CVE-2024-47543: Fixed OOB-read in qtdemux_parse_container (bsc#1234462)\n- CVE-2024-47544: Fixed NULL-pointer dereferences in MP4/MOV demuxer CENC handling (bsc#1234473)\n- CVE-2024-47545: Fixed integer underflow in FOURCC_strf parsing leading to OOB-read (bsc#1234476)\n- CVE-2024-47546: Fixed integer underflow in extract_cc_from_data leading to OOB-read (bsc#1234477)\n- CVE-2024-47596: Fixed integer underflow in MP4/MOV demuxer that can lead to out-of-bounds reads (bsc#1234424)\n- CVE-2024-47597: Fixed OOB-reads in MP4/MOV demuxer sample table parser (bsc#1234425)\n- CVE-2024-47599: Fixed insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences (bsc#1234427)\n- CVE-2024-47601: Fixed NULL-pointer dereference in Matroska/WebM demuxer (bsc#1234428)\n- CVE-2024-47602: Fixed NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer (bsc#1234432)\n- CVE-2024-47603: Fixed NULL-pointer dereference in Matroska/WebM demuxer (bsc#1234433)\n- CVE-2024-47606: Fixed integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (bsc#1234449)\n- CVE-2024-47613: Fixed NULL-pointer dereference in gdk-pixbuf decoder (bsc#1234447)\n- CVE-2024-47774: Fixed integer overflow in AVI subtitle parser that leads to out-of-bounds reads (bsc#1234446)\n- CVE-2024-47775: Fixed various out-of-bounds reads in WAV parser (bsc#1234434)\n- CVE-2024-47776: Fixed various out-of-bounds reads in WAV parser (bsc#1234435)\n- CVE-2024-47777: Fixed various out-of-bounds reads in WAV parser (bsc#1234436)\n- CVE-2024-47778: Fixed various out-of-bounds reads in WAV parser (bsc#1234439)\n- CVE-2024-47834: Fixed a use-after-free in the Matroska demuxer that can cause crashes for certain input files (bsc#1234440)\n","modified":"2026-02-04T02:56:01.581161Z","published":"2025-06-20T15:35:07Z","related":["CVE-2024-47537","CVE-2024-47539","CVE-2024-47540","CVE-2024-47543","CVE-2024-47544","CVE-2024-47545","CVE-2024-47546","CVE-2024-47596","CVE-2024-47597","CVE-2024-47599","CVE-2024-47601","CVE-2024-47602","CVE-2024-47603","CVE-2024-47606","CVE-2024-47613","CVE-2024-47774","CVE-2024-47775","CVE-2024-47776","CVE-2024-47777","CVE-2024-47778","CVE-2024-47834"],"upstream":["CVE-2024-47537","CVE-2024-47539","CVE-2024-47540","CVE-2024-47543","CVE-2024-47544","CVE-2024-47545","CVE-2024-47546","CVE-2024-47596","CVE-2024-47597","CVE-2024-47599","CVE-2024-47601","CVE-2024-47602","CVE-2024-47603","CVE-2024-47606","CVE-2024-47613","CVE-2024-47774","CVE-2024-47775","CVE-2024-47776","CVE-2024-47777","CVE-2024-47778","CVE-2024-47834"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202502055-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234414"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234417"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234421"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234424"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234425"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234427"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234428"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234432"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234433"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234434"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234435"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234436"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234439"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234440"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234446"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234447"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234449"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234462"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234473"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234476"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234477"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47537"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47539"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47540"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47543"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47544"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47545"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47546"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47596"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47597"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47599"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47601"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47602"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47603"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47606"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47613"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47774"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47775"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47776"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47777"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47778"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47834"}],"affected":[{"package":{"name":"gstreamer-plugins-good","ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS","purl":"pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.16.3-150200.3.17.1"}]}],"ecosystem_specific":{"binaries":[{"gstreamer-plugins-good":"1.16.3-150200.3.17.1","gstreamer-plugins-good-lang":"1.16.3-150200.3.17.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02055-1.json"}},{"package":{"name":"gstreamer-plugins-good","ecosystem":"SUSE:Linux Enterprise Server 15 SP3-LTSS","purl":"pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.16.3-150200.3.17.1"}]}],"ecosystem_specific":{"binaries":[{"gstreamer-plugins-good":"1.16.3-150200.3.17.1","gstreamer-plugins-good-lang":"1.16.3-150200.3.17.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02055-1.json"}},{"package":{"name":"gstreamer-plugins-good","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP3","purl":"pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.16.3-150200.3.17.1"}]}],"ecosystem_specific":{"binaries":[{"gstreamer-plugins-good":"1.16.3-150200.3.17.1","gstreamer-plugins-good-lang":"1.16.3-150200.3.17.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02055-1.json"}},{"package":{"name":"gstreamer-plugins-good","ecosystem":"SUSE:Enterprise Storage 7.1","purl":"pkg:rpm/suse/gstreamer-plugins-good&distro=SUSE%20Enterprise%20Storage%207.1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.16.3-150200.3.17.1"}]}],"ecosystem_specific":{"binaries":[{"gstreamer-plugins-good":"1.16.3-150200.3.17.1","gstreamer-plugins-good-lang":"1.16.3-150200.3.17.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02055-1.json"}}],"schema_version":"1.7.3"}