Red Hat Security Advisory: gstreamer1-plugins-good security update
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.
Security Fix(es):
* gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)
* gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)
* gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)
* gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)
* gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
AI Analysis
Technical Summary
This advisory covers seven security vulnerabilities in the GStreamer streaming media framework's base and good plugin packages. The issues include uninitialized stack memory in the Matroska/WebM demuxer (CVE-2024-47540), out-of-bounds write in isomp4/qtdemux.c (CVE-2024-47537), stack-buffer overflow in vorbis_handle_identification_packet (CVE-2024-47538), out-of-bounds write in the Ogg demuxer (CVE-2024-47615), null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613), stack-buffer overflow in gst_opus_dec_parse_header (CVE-2024-47607), and integer overflows in MP4/MOV demuxer and memory allocator leading to out-of-bounds writes (CVE-2024-47606). These vulnerabilities affect Red Hat Enterprise Linux 7 Extended Lifecycle Support packages and have been rated with an important security impact by Red Hat. The advisory references fixes available in updated packages.
Potential Impact
The vulnerabilities involve memory corruption issues such as stack-buffer overflows, out-of-bounds writes, uninitialized memory usage, and null pointer dereferences in media processing components. These could potentially be exploited to cause application crashes, denial of service, or other unintended behavior when processing specially crafted media files. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
Red Hat has released updated packages for gstreamer1-plugins-base and gstreamer1-plugins-good addressing these vulnerabilities. Users of Red Hat Enterprise Linux 7 Extended Lifecycle Support should apply the security update RHSA-2024:11344 promptly. Detailed update instructions are available at https://access.redhat.com/articles/11258. No additional mitigations are specified by the vendor.
Technical Details
- Gcve Source: db.gcve.eu
- Csaf Category: csaf_security_advisory
- Csaf Version: 2.0
- Publisher: Red Hat Product Security
- Advisory Id: RHSA-2024:11344
- Cve Count: 7
- Additional Cves: ["CVE-2024-47538","CVE-2024-47540","CVE-2024-47606","CVE-2024-47607","CVE-2024-47613","CVE-2024-47615"]
- Cvss Version: null
Threat ID: 6a3da1ff4853345fc1836723
Added to database: 06/25/2026, 21:47:43 UTC
Last enriched: 06/25/2026, 22:53:46 UTC
Last updated: 07/03/2026, 08:51:19 UTC