Red Hat Security Advisory: gstreamer1-plugins-base security update
Multiple security vulnerabilities have been identified in the gstreamer1-plugins-base package used in Red Hat Enterprise Linux 9. These include out-of-bounds reads and writes, as well as NULL-pointer dereferences in various parsers such as ID3v2, SSA subtitle, format_channel_mask, and LRC subtitle parsers. The vulnerabilities have been rated with moderate severity by Red Hat Product Security. Updates addressing these issues are available for Red Hat Enterprise Linux 9 and its extended update and lifecycle support versions.
AI Analysis
Technical Summary
The gstreamer1-plugins-base package in Red Hat Enterprise Linux 9 contains several security flaws: an out-of-bounds write in the SSA subtitle parser (CVE-2024-47541), out-of-bounds read and NULL-pointer dereference in the ID3v2 parser (CVE-2024-47542), an out-of-bounds read in format_channel_mask (CVE-2024-47600), and a NULL-pointer dereference in the LRC subtitle parser (CVE-2024-47835). These vulnerabilities could cause memory corruption or application crashes when processing crafted media files. Red Hat has issued a security advisory (RHSA-2025:7243) with updates to fix these issues in multiple Red Hat Enterprise Linux 9 variants.
Potential Impact
Successful exploitation of these vulnerabilities may result in application crashes or memory corruption within the GStreamer media framework when processing specially crafted media data. This could potentially be leveraged to disrupt media processing applications or cause denial of service. No known exploits in the wild have been reported. The overall security impact is rated moderate by Red Hat.
Mitigation Recommendations
Red Hat has released updated gstreamer1-plugins-base packages that address these vulnerabilities. Users of Red Hat Enterprise Linux 9 and its variants should apply the security update referenced in RHSA-2025:7243 as soon as possible. For detailed update instructions, refer to https://access.redhat.com/articles/11258. No additional mitigations are specified by the vendor.
Red Hat Security Advisory: gstreamer1-plugins-base security update
Description
Multiple security vulnerabilities have been identified in the gstreamer1-plugins-base package used in Red Hat Enterprise Linux 9. These include out-of-bounds reads and writes, as well as NULL-pointer dereferences in various parsers such as ID3v2, SSA subtitle, format_channel_mask, and LRC subtitle parsers. The vulnerabilities have been rated with moderate severity by Red Hat Product Security. Updates addressing these issues are available for Red Hat Enterprise Linux 9 and its extended update and lifecycle support versions.
Affected software
pkg:rpm/redhat/gstreamer1-plugins-baseRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The gstreamer1-plugins-base package in Red Hat Enterprise Linux 9 contains several security flaws: an out-of-bounds write in the SSA subtitle parser (CVE-2024-47541), out-of-bounds read and NULL-pointer dereference in the ID3v2 parser (CVE-2024-47542), an out-of-bounds read in format_channel_mask (CVE-2024-47600), and a NULL-pointer dereference in the LRC subtitle parser (CVE-2024-47835). These vulnerabilities could cause memory corruption or application crashes when processing crafted media files. Red Hat has issued a security advisory (RHSA-2025:7243) with updates to fix these issues in multiple Red Hat Enterprise Linux 9 variants.
Potential Impact
Successful exploitation of these vulnerabilities may result in application crashes or memory corruption within the GStreamer media framework when processing specially crafted media data. This could potentially be leveraged to disrupt media processing applications or cause denial of service. No known exploits in the wild have been reported. The overall security impact is rated moderate by Red Hat.
Mitigation Recommendations
Red Hat has released updated gstreamer1-plugins-base packages that address these vulnerabilities. Users of Red Hat Enterprise Linux 9 and its variants should apply the security update referenced in RHSA-2025:7243 as soon as possible. For detailed update instructions, refer to https://access.redhat.com/articles/11258. No additional mitigations are specified by the vendor.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:7243
- Cve Count
- 4
- Additional Cves
- ["CVE-2024-47542","CVE-2024-47600","CVE-2024-47835"]
- Cvss Version
- null
Threat ID: 6a4049e927e9c79719835d2c
Added to database: 06/27/2026, 22:08:41 UTC
Last enriched: 06/27/2026, 22:38:41 UTC
Last updated: 06/27/2026, 23:11:23 UTC
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.