(RHSA-2024:3060) Moderate: gstreamer1-plugins-bad-free security update

2024-05-2206:35:29

access.redhat.com

gstreamer

security update

integer overflow

mxf

aes3 audio

h.265 video parser

red hat enterprise linux 8.10

7.3 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

16.2%

JSON

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.

Security Fix(es):

gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video (CVE-2023-40474)
gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with AES3 audio (CVE-2023-40475)
gstreamer-plugins-bad: Integer overflow in H.265 video parser leading to stack overwrite (CVE-2023-40476)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8s390xgstreamer1-plugins-bad-free< 1.16.1-4.el8gstreamer1-plugins-bad-free-1.16.1-4.el8.s390x.rpm
RedHat8s390xgstreamer1-plugins-bad-free-debugsource< 1.16.1-4.el8gstreamer1-plugins-bad-free-debugsource-1.16.1-4.el8.s390x.rpm
RedHat8aarch64gstreamer1-plugins-bad-free-debuginfo< 1.16.1-4.el8gstreamer1-plugins-bad-free-debuginfo-1.16.1-4.el8.aarch64.rpm
RedHat8x86_64gstreamer1-plugins-bad-free-debugsource< 1.16.1-4.el8gstreamer1-plugins-bad-free-debugsource-1.16.1-4.el8.x86_64.rpm
RedHat8i686gstreamer1-plugins-bad-free-devel< 1.16.1-4.el8gstreamer1-plugins-bad-free-devel-1.16.1-4.el8.i686.rpm
RedHat8aarch64gstreamer1-plugins-bad-free-devel< 1.16.1-4.el8gstreamer1-plugins-bad-free-devel-1.16.1-4.el8.aarch64.rpm
RedHat8x86_64gstreamer1-plugins-bad-free< 1.16.1-4.el8gstreamer1-plugins-bad-free-1.16.1-4.el8.x86_64.rpm
RedHat8x86_64gstreamer1-plugins-bad-free-debuginfo< 1.16.1-4.el8gstreamer1-plugins-bad-free-debuginfo-1.16.1-4.el8.x86_64.rpm
RedHat8i686gstreamer1-plugins-bad-free-debugsource< 1.16.1-4.el8gstreamer1-plugins-bad-free-debugsource-1.16.1-4.el8.i686.rpm
RedHat8i686gstreamer1-plugins-bad-free-debuginfo< 1.16.1-4.el8gstreamer1-plugins-bad-free-debuginfo-1.16.1-4.el8.i686.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	s390x	gstreamer1-plugins-bad-free	< 1.16.1-4.el8	gstreamer1-plugins-bad-free-1.16.1-4.el8.s390x.rpm
RedHat	8	s390x	gstreamer1-plugins-bad-free-debugsource	< 1.16.1-4.el8	gstreamer1-plugins-bad-free-debugsource-1.16.1-4.el8.s390x.rpm
RedHat	8	aarch64	gstreamer1-plugins-bad-free-debuginfo	< 1.16.1-4.el8	gstreamer1-plugins-bad-free-debuginfo-1.16.1-4.el8.aarch64.rpm
RedHat	8	x86_64	gstreamer1-plugins-bad-free-debugsource	< 1.16.1-4.el8	gstreamer1-plugins-bad-free-debugsource-1.16.1-4.el8.x86_64.rpm
RedHat	8	i686	gstreamer1-plugins-bad-free-devel	< 1.16.1-4.el8	gstreamer1-plugins-bad-free-devel-1.16.1-4.el8.i686.rpm
RedHat	8	aarch64	gstreamer1-plugins-bad-free-devel	< 1.16.1-4.el8	gstreamer1-plugins-bad-free-devel-1.16.1-4.el8.aarch64.rpm
RedHat	8	x86_64	gstreamer1-plugins-bad-free	< 1.16.1-4.el8	gstreamer1-plugins-bad-free-1.16.1-4.el8.x86_64.rpm
RedHat	8	x86_64	gstreamer1-plugins-bad-free-debuginfo	< 1.16.1-4.el8	gstreamer1-plugins-bad-free-debuginfo-1.16.1-4.el8.x86_64.rpm
RedHat	8	i686	gstreamer1-plugins-bad-free-debugsource	< 1.16.1-4.el8	gstreamer1-plugins-bad-free-debugsource-1.16.1-4.el8.i686.rpm
RedHat	8	i686	gstreamer1-plugins-bad-free-debuginfo	< 1.16.1-4.el8	gstreamer1-plugins-bad-free-debuginfo-1.16.1-4.el8.i686.rpm