gstreamer1-plugins-base-1.10.4-2.0.3.el7.AXS7

エラータID: AXSA:2025-11445:03

Release date: 
Thursday, December 4, 2025 - 16:22
Subject: 
gstreamer1-plugins-base-1.10.4-2.0.3.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plug-ins.

This package contains a set of well-maintained base plug-ins.

Security Fix(es):

* CVE-2024-47615: fix OOB-Write in gst_parse_vorbis_setup_packet by validating
integer size input to prevent memory corruption

CVE(s):
CVE-2024-47615
GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10.

Solution: 

Update packages.

CVEs: 
CVE-2024-47615
GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10.
Additional Info: 

N/A

Download: 

Asianux Server 7 for x86_64
  1. gstreamer1-plugins-base-1.10.4-2.0.3.el7.AXS7.i686.rpm
    MD5: e701b549987f742de4a4993971708e4e
    SHA-256: 599b2df0c36f7bca1d74f16899209bcd9f3f9c5d7422804c648d6e32014c119d
    Size: 1.43 MB
  2. gstreamer1-plugins-base-1.10.4-2.0.3.el7.AXS7.x86_64.rpm
    MD5: 01198c97d61157357bcc0e646e87fae3
    SHA-256: cb035f16c52a70492f1df650ee6d066bedd7af97a06e9762de0b9da998ca2a7b
    Size: 1.42 MB
  3. gstreamer1-plugins-base-devel-1.10.4-2.0.3.el7.AXS7.i686.rpm
    MD5: 320dc36acad5be8ed6522881a2a880b6
    SHA-256: 5facb9cb8b89e3fc11b267fab72568e9f20f005a5690bedf0b312793154d17c5
    Size: 299.55 kB
  4. gstreamer1-plugins-base-devel-1.10.4-2.0.3.el7.AXS7.x86_64.rpm
    MD5: 8cd448bb5532798c5a367ee132410615
    SHA-256: d2ce85f3d571617f493acfdf31cf20c699f0d3a0430c2e744c15c75b8b3be888
    Size: 299.59 kB