SB2025062107 - SUSE update for gstreamer-plugins-good 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025062107

SB2025062107 - SUSE update for gstreamer-plugins-good

Published: June 21, 2025

Security Bulletin ID SB2025062107
Severity
High
Patch available
YES
Number of vulnerabilities 22
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 32% Medium 64% Low 5%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 22 secuirty vulnerabilities.


1) Open redirect (CVE-ID: CVE-2024-47530)

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.


2) Integer overflow (CVE-ID: CVE-2024-47537)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in the MP4/MOV demuxer's sample table parser. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) Out-of-bounds write (CVE-ID: CVE-2024-47539)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error in the MP4/MOV demuxer when handling CEA608 Closed Caption tracks. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.


4) Out-of-bounds read (CVE-ID: CVE-2024-47543)

The vulnerability allows a remote attacker to gain access to potentially sensitive information or crash the application.

The vulnerability exists due to a boundary condition in the MP4/MOV demuxer. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system or crash the application.


5) NULL pointer dereference (CVE-ID: CVE-2024-47544)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the MP4/MOV demuxer's CENC handling. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


6) Integer overflow (CVE-ID: CVE-2024-47545)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in the MP4/MOV demuxer. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


7) Out-of-bounds read (CVE-ID: CVE-2024-47546)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the MP4/MOV demuxer. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.


8) Integer underflow (CVE-ID: CVE-2024-47596)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer underflow in the MP4/MOV demuxer. A remote attacker can trigger an integer underflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


9) Out-of-bounds read (CVE-ID: CVE-2024-47597)

The vulnerability allows a remote attacker to gain access to potentially sensitive information or crash the application.

The vulnerability exists due to a boundary condition in the MP4/MOV demuxer's sample table parsing. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system or crash the application.


10) NULL pointer dereference (CVE-ID: CVE-2024-47599)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the JPEG decoder. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


11) NULL pointer dereference (CVE-ID: CVE-2024-47601)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Matroska/WebM demuxer. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


12) NULL pointer dereference (CVE-ID: CVE-2024-47602)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Matroska/WebM demuxer. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


13) NULL pointer dereference (CVE-ID: CVE-2024-47603)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Matroska/WebM demuxer. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


14) Integer overflow (CVE-ID: CVE-2024-47606)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in the MP4/MOV demuxer and memory allocator. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


15) NULL pointer dereference (CVE-ID: CVE-2024-47613)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the gdk-pixbuf decoder. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


16) Integer overflow (CVE-ID: CVE-2024-47774)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in the AVI subtitle parser. A remote attacker can pass specially crafted AVI file to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


17) Out-of-bounds read (CVE-ID: CVE-2024-47775)

The vulnerability allows a remote attacker to gain access to potentially sensitive information or crash the application.

The vulnerability exists due to a boundary condition within the the WAV parser. A remote attacker can pass specially crafted file to the application, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.


18) Out-of-bounds read (CVE-ID: CVE-2024-47776)

The vulnerability allows a remote attacker to gain access to potentially sensitive information or crash the application.

The vulnerability exists due to a boundary condition within the the WAV parser. A remote attacker can pass specially crafted file to the application, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.


19) Out-of-bounds read (CVE-ID: CVE-2024-47777)

The vulnerability allows a remote attacker to gain access to potentially sensitive information or crash the application.

The vulnerability exists due to a boundary condition within the the WAV parser. A remote attacker can pass specially crafted file to the application, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.


20) Out-of-bounds read (CVE-ID: CVE-2024-47778)

The vulnerability allows a remote attacker to gain access to potentially sensitive information or crash the application.

The vulnerability exists due to a boundary condition within the the WAV parser. A remote attacker can pass specially crafted file to the application, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.


21) Use-after-free (CVE-ID: CVE-2024-47834)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in the Matroska demuxer. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


22) Use of uninitialized resource (CVE-ID: CVE-2024-47540)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to usage of uninitialized uninitialized stack memory in Matroska/WebM demuxer. A remote attacker can pass specially crafted data to the application, trigger uninitialized usage of memory and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References