The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_7242.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff




====================================================================
Red Hat Security Advisory

Synopsis:           Moderate: gstreamer1-plugins-good security update
Advisory ID:        RHSA-2025:7242-03
Product:            Red Hat Enterprise Linux
Advisory URL:       https://access.redhat.com/errata/RHSA-2025:7242
Issue date:         2025-05-13
Revision:           03
CVE Names:          CVE-2024-47543
====================================================================

Summary: 

An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.




Description:

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.

Security Fix(es):

* gstreamer1-plugins-good: OOB-read in qtdemux_parse_container (CVE-2024-47543)

* gstreamer1-plugins-good: GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk (CVE-2024-47774)

* gstreamer1-plugins-good: OOB-read in gst_wavparse_smpl_chunk (CVE-2024-47777)

* gstreamer1-plugins-good: OOB-read in gst_wavparse_adtl_chunk (CVE-2024-47778)

* gstreamer1-plugins-good: OOB-read in parse_ds64 (CVE-2024-47775)

* gstreamer1-plugins-good: OOB-read in FOURCC_SMI_ parsing (CVE-2024-47596)

* gstreamer1-plugins-good: insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences (CVE-2024-47599)

* gstreamer1-plugins-good: Use-After-Free read in Matroska CodecPrivate (CVE-2024-47834)

* gstreamer1-plugins-good: OOB-read in gst_wavparse_cue_chunk (CVE-2024-47776)

* gstreamer1-plugins-good: NULL-pointer dereferences in MP4/MOV demuxer CENC handling (CVE-2024-47544)

* gstreamer1-plugins-good: NULL-pointer dereference in Matroska/WebM demuxer (CVE-2024-47601)

* gstreamer1-plugins-good: OOB-read in qtdemux_parse_samples (CVE-2024-47597)

* gstreamer1-plugins-good: integer underflow in extract_cc_from_data leading to OOB-read (CVE-2024-47546)

* gstreamer1-plugins-good: NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer (CVE-2024-47602)

* gstreamer1-plugins-good: OOB-read in qtdemux_merge_sample_table (CVE-2024-47598)

* gstreamer1-plugins-good: NULL-pointer dereference in Matroska/WebM demuxer (CVE-2024-47603)

* gstreamer1-plugins-good: integer underflow in FOURCC_strf parsing leading to OOB-read (CVE-2024-47545)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9 Release Notes linked from the References section.


Solution:

https://access.redhat.com/articles/11258



CVEs:

CVE-2024-47543

References:

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.6_release_notes/index
https://access.redhat.com/security/updates/classification/#moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2331723
https://bugzilla.redhat.com/show_bug.cgi?id=2331739
https://bugzilla.redhat.com/show_bug.cgi?id=2331741
https://bugzilla.redhat.com/show_bug.cgi?id=2331743
https://bugzilla.redhat.com/show_bug.cgi?id=2331744
https://bugzilla.redhat.com/show_bug.cgi?id=2331747
https://bugzilla.redhat.com/show_bug.cgi?id=2331748
https://bugzilla.redhat.com/show_bug.cgi?id=2331749
https://bugzilla.redhat.com/show_bug.cgi?id=2331750
https://bugzilla.redhat.com/show_bug.cgi?id=2331751
https://bugzilla.redhat.com/show_bug.cgi?id=2331752
https://bugzilla.redhat.com/show_bug.cgi?id=2331755
https://bugzilla.redhat.com/show_bug.cgi?id=2331756
https://bugzilla.redhat.com/show_bug.cgi?id=2331759
https://bugzilla.redhat.com/show_bug.cgi?id=2331761
https://bugzilla.redhat.com/show_bug.cgi?id=2331762
https://bugzilla.redhat.com/show_bug.cgi?id=2331763