SUSE update for gstreamer-plugins-base

Published: 2024-06-07

Risk	High
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2024-4453
CWE-ID	CWE-190
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	SUSE Package Hub 15 Operating systems & Components / Operating system Basesystem Module Operating systems & Components / Operating system SUSE Linux Enterprise Real Time 15 Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise Desktop 15 Operating systems & Components / Operating system libgstapp-1_0-0-64bit Operating systems & Components / Operating system package or component gstreamer-plugins-base-64bit-debuginfo Operating systems & Components / Operating system package or component libgstpbutils-1_0-0-64bit Operating systems & Components / Operating system package or component libgstgl-1_0-0-64bit Operating systems & Components / Operating system package or component libgstrtsp-1_0-0-64bit-debuginfo Operating systems & Components / Operating system package or component libgstriff-1_0-0-64bit Operating systems & Components / Operating system package or component libgstallocators-1_0-0-64bit-debuginfo Operating systems & Components / Operating system package or component libgstaudio-1_0-0-64bit Operating systems & Components / Operating system package or component libgstaudio-1_0-0-64bit-debuginfo Operating systems & Components / Operating system package or component libgsttag-1_0-0-64bit-debuginfo Operating systems & Components / Operating system package or component libgstvideo-1_0-0-64bit-debuginfo Operating systems & Components / Operating system package or component libgstriff-1_0-0-64bit-debuginfo Operating systems & Components / Operating system package or component libgsttag-1_0-0-64bit Operating systems & Components / Operating system package or component libgstrtp-1_0-0-64bit Operating systems & Components / Operating system package or component libgstpbutils-1_0-0-64bit-debuginfo Operating systems & Components / Operating system package or component libgstrtp-1_0-0-64bit-debuginfo Operating systems & Components / Operating system package or component libgstsdp-1_0-0-64bit Operating systems & Components / Operating system package or component libgstfft-1_0-0-64bit-debuginfo Operating systems & Components / Operating system package or component libgstsdp-1_0-0-64bit-debuginfo Operating systems & Components / Operating system package or component libgstgl-1_0-0-64bit-debuginfo Operating systems & Components / Operating system package or component gstreamer-plugins-base-devel-64bit Operating systems & Components / Operating system package or component libgstvideo-1_0-0-64bit Operating systems & Components / Operating system package or component gstreamer-plugins-base-64bit Operating systems & Components / Operating system package or component libgstrtsp-1_0-0-64bit Operating systems & Components / Operating system package or component libgstapp-1_0-0-64bit-debuginfo Operating systems & Components / Operating system package or component libgstallocators-1_0-0-64bit Operating systems & Components / Operating system package or component libgstfft-1_0-0-64bit Operating systems & Components / Operating system package or component gstreamer-plugins-base-lang Operating systems & Components / Operating system package or component libgstaudio-1_0-0-32bit-debuginfo Operating systems & Components / Operating system package or component libgstriff-1_0-0-32bit-debuginfo Operating systems & Components / Operating system package or component libgstvideo-1_0-0-32bit-debuginfo Operating systems & Components / Operating system package or component libgstpbutils-1_0-0-32bit-debuginfo Operating systems & Components / Operating system package or component libgstgl-1_0-0-32bit Operating systems & Components / Operating system package or component libgstapp-1_0-0-32bit Operating systems & Components / Operating system package or component gstreamer-plugins-base-devel-32bit Operating systems & Components / Operating system package or component gstreamer-plugins-base-32bit Operating systems & Components / Operating system package or component gstreamer-plugins-base-32bit-debuginfo Operating systems & Components / Operating system package or component libgstrtp-1_0-0-32bit-debuginfo Operating systems & Components / Operating system package or component libgsttag-1_0-0-32bit-debuginfo Operating systems & Components / Operating system package or component libgsttag-1_0-0-32bit Operating systems & Components / Operating system package or component libgstsdp-1_0-0-32bit-debuginfo Operating systems & Components / Operating system package or component libgstrtsp-1_0-0-32bit-debuginfo Operating systems & Components / Operating system package or component libgstallocators-1_0-0-32bit-debuginfo Operating systems & Components / Operating system package or component libgstfft-1_0-0-32bit-debuginfo Operating systems & Components / Operating system package or component libgstaudio-1_0-0-32bit Operating systems & Components / Operating system package or component libgstvideo-1_0-0-32bit Operating systems & Components / Operating system package or component libgstriff-1_0-0-32bit Operating systems & Components / Operating system package or component libgstapp-1_0-0-32bit-debuginfo Operating systems & Components / Operating system package or component libgstfft-1_0-0-32bit Operating systems & Components / Operating system package or component libgstrtp-1_0-0-32bit Operating systems & Components / Operating system package or component libgstrtsp-1_0-0-32bit Operating systems & Components / Operating system package or component libgstsdp-1_0-0-32bit Operating systems & Components / Operating system package or component libgstgl-1_0-0-32bit-debuginfo Operating systems & Components / Operating system package or component libgstpbutils-1_0-0-32bit Operating systems & Components / Operating system package or component libgstallocators-1_0-0-32bit Operating systems & Components / Operating system package or component libgstfft-1_0-0 Operating systems & Components / Operating system package or component libgstrtp-1_0-0-debuginfo Operating systems & Components / Operating system package or component libgstrtp-1_0-0 Operating systems & Components / Operating system package or component typelib-1_0-GstPbutils-1_0 Operating systems & Components / Operating system package or component libgstgl-1_0-0-debuginfo Operating systems & Components / Operating system package or component typelib-1_0-GstRtsp-1_0 Operating systems & Components / Operating system package or component libgstapp-1_0-0-debuginfo Operating systems & Components / Operating system package or component libgstpbutils-1_0-0 Operating systems & Components / Operating system package or component libgstfft-1_0-0-debuginfo Operating systems & Components / Operating system package or component libgstallocators-1_0-0-debuginfo Operating systems & Components / Operating system package or component libgstriff-1_0-0 Operating systems & Components / Operating system package or component libgstrtsp-1_0-0 Operating systems & Components / Operating system package or component libgstallocators-1_0-0 Operating systems & Components / Operating system package or component gstreamer-plugins-base-devel Operating systems & Components / Operating system package or component libgstsdp-1_0-0 Operating systems & Components / Operating system package or component libgsttag-1_0-0 Operating systems & Components / Operating system package or component gstreamer-plugins-base Operating systems & Components / Operating system package or component libgstaudio-1_0-0-debuginfo Operating systems & Components / Operating system package or component typelib-1_0-GstApp-1_0 Operating systems & Components / Operating system package or component libgstgl-1_0-0 Operating systems & Components / Operating system package or component gstreamer-plugins-base-debuginfo Operating systems & Components / Operating system package or component typelib-1_0-GstGLEGL-1_0 Operating systems & Components / Operating system package or component libgstrtsp-1_0-0-debuginfo Operating systems & Components / Operating system package or component typelib-1_0-GstGLX11-1_0 Operating systems & Components / Operating system package or component libgstsdp-1_0-0-debuginfo Operating systems & Components / Operating system package or component typelib-1_0-GstSdp-1_0 Operating systems & Components / Operating system package or component libgsttag-1_0-0-debuginfo Operating systems & Components / Operating system package or component libgstriff-1_0-0-debuginfo Operating systems & Components / Operating system package or component libgstaudio-1_0-0 Operating systems & Components / Operating system package or component typelib-1_0-GstVideo-1_0 Operating systems & Components / Operating system package or component libgstpbutils-1_0-0-debuginfo Operating systems & Components / Operating system package or component typelib-1_0-GstAudio-1_0 Operating systems & Components / Operating system package or component libgstvideo-1_0-0-debuginfo Operating systems & Components / Operating system package or component typelib-1_0-GstRtp-1_0 Operating systems & Components / Operating system package or component gstreamer-plugins-base-debugsource Operating systems & Components / Operating system package or component typelib-1_0-GstGL-1_0 Operating systems & Components / Operating system package or component libgstvideo-1_0-0 Operating systems & Components / Operating system package or component typelib-1_0-GstTag-1_0 Operating systems & Components / Operating system package or component libgstapp-1_0-0 Operating systems & Components / Operating system package or component typelib-1_0-GstGLWayland-1_0 Operating systems & Components / Operating system package or component typelib-1_0-GstAllocators-1_0 Operating systems & Components / Operating system package or component
Vendor	SUSE

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Integer overflow

EUVDB-ID: #VU89735

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-4453

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the parsing of EXIF metadata. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package gstreamer-plugins-base to the latest version.

Vulnerable software versions

SUSE Package Hub 15: 15-SP6

Basesystem Module: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

SUSE Linux Enterprise Desktop 15: SP6

libgstapp-1_0-0-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-base-64bit-debuginfo: before 1.24.0-150600.3.3.1

libgstpbutils-1_0-0-64bit: before 1.24.0-150600.3.3.1

libgstgl-1_0-0-64bit: before 1.24.0-150600.3.3.1

libgstrtsp-1_0-0-64bit-debuginfo: before 1.24.0-150600.3.3.1

libgstriff-1_0-0-64bit: before 1.24.0-150600.3.3.1

libgstallocators-1_0-0-64bit-debuginfo: before 1.24.0-150600.3.3.1

libgstaudio-1_0-0-64bit: before 1.24.0-150600.3.3.1

libgstaudio-1_0-0-64bit-debuginfo: before 1.24.0-150600.3.3.1

libgsttag-1_0-0-64bit-debuginfo: before 1.24.0-150600.3.3.1

libgstvideo-1_0-0-64bit-debuginfo: before 1.24.0-150600.3.3.1

libgstriff-1_0-0-64bit-debuginfo: before 1.24.0-150600.3.3.1

libgsttag-1_0-0-64bit: before 1.24.0-150600.3.3.1

libgstrtp-1_0-0-64bit: before 1.24.0-150600.3.3.1

libgstpbutils-1_0-0-64bit-debuginfo: before 1.24.0-150600.3.3.1

libgstrtp-1_0-0-64bit-debuginfo: before 1.24.0-150600.3.3.1

libgstsdp-1_0-0-64bit: before 1.24.0-150600.3.3.1

libgstfft-1_0-0-64bit-debuginfo: before 1.24.0-150600.3.3.1

libgstsdp-1_0-0-64bit-debuginfo: before 1.24.0-150600.3.3.1

libgstgl-1_0-0-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-base-devel-64bit: before 1.24.0-150600.3.3.1

libgstvideo-1_0-0-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-base-64bit: before 1.24.0-150600.3.3.1

libgstrtsp-1_0-0-64bit: before 1.24.0-150600.3.3.1

libgstapp-1_0-0-64bit-debuginfo: before 1.24.0-150600.3.3.1

libgstallocators-1_0-0-64bit: before 1.24.0-150600.3.3.1

libgstfft-1_0-0-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-base-lang: before 1.24.0-150600.3.3.1

libgstaudio-1_0-0-32bit-debuginfo: before 1.24.0-150600.3.3.1

libgstriff-1_0-0-32bit-debuginfo: before 1.24.0-150600.3.3.1

libgstvideo-1_0-0-32bit-debuginfo: before 1.24.0-150600.3.3.1

libgstpbutils-1_0-0-32bit-debuginfo: before 1.24.0-150600.3.3.1

libgstgl-1_0-0-32bit: before 1.24.0-150600.3.3.1

libgstapp-1_0-0-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-base-devel-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-base-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-base-32bit-debuginfo: before 1.24.0-150600.3.3.1

libgstrtp-1_0-0-32bit-debuginfo: before 1.24.0-150600.3.3.1

libgsttag-1_0-0-32bit-debuginfo: before 1.24.0-150600.3.3.1

libgsttag-1_0-0-32bit: before 1.24.0-150600.3.3.1

libgstsdp-1_0-0-32bit-debuginfo: before 1.24.0-150600.3.3.1

libgstrtsp-1_0-0-32bit-debuginfo: before 1.24.0-150600.3.3.1

libgstallocators-1_0-0-32bit-debuginfo: before 1.24.0-150600.3.3.1

libgstfft-1_0-0-32bit-debuginfo: before 1.24.0-150600.3.3.1

libgstaudio-1_0-0-32bit: before 1.24.0-150600.3.3.1

libgstvideo-1_0-0-32bit: before 1.24.0-150600.3.3.1

libgstriff-1_0-0-32bit: before 1.24.0-150600.3.3.1

libgstapp-1_0-0-32bit-debuginfo: before 1.24.0-150600.3.3.1

libgstfft-1_0-0-32bit: before 1.24.0-150600.3.3.1

libgstrtp-1_0-0-32bit: before 1.24.0-150600.3.3.1

libgstrtsp-1_0-0-32bit: before 1.24.0-150600.3.3.1

libgstsdp-1_0-0-32bit: before 1.24.0-150600.3.3.1

libgstgl-1_0-0-32bit-debuginfo: before 1.24.0-150600.3.3.1

libgstpbutils-1_0-0-32bit: before 1.24.0-150600.3.3.1

libgstallocators-1_0-0-32bit: before 1.24.0-150600.3.3.1

libgstfft-1_0-0: before 1.24.0-150600.3.3.1

libgstrtp-1_0-0-debuginfo: before 1.24.0-150600.3.3.1

libgstrtp-1_0-0: before 1.24.0-150600.3.3.1

typelib-1_0-GstPbutils-1_0: before 1.24.0-150600.3.3.1

libgstgl-1_0-0-debuginfo: before 1.24.0-150600.3.3.1

typelib-1_0-GstRtsp-1_0: before 1.24.0-150600.3.3.1

libgstapp-1_0-0-debuginfo: before 1.24.0-150600.3.3.1

libgstpbutils-1_0-0: before 1.24.0-150600.3.3.1

libgstfft-1_0-0-debuginfo: before 1.24.0-150600.3.3.1

libgstallocators-1_0-0-debuginfo: before 1.24.0-150600.3.3.1

libgstriff-1_0-0: before 1.24.0-150600.3.3.1

libgstrtsp-1_0-0: before 1.24.0-150600.3.3.1

libgstallocators-1_0-0: before 1.24.0-150600.3.3.1

gstreamer-plugins-base-devel: before 1.24.0-150600.3.3.1

libgstsdp-1_0-0: before 1.24.0-150600.3.3.1

libgsttag-1_0-0: before 1.24.0-150600.3.3.1

gstreamer-plugins-base: before 1.24.0-150600.3.3.1

libgstaudio-1_0-0-debuginfo: before 1.24.0-150600.3.3.1

typelib-1_0-GstApp-1_0: before 1.24.0-150600.3.3.1

libgstgl-1_0-0: before 1.24.0-150600.3.3.1

gstreamer-plugins-base-debuginfo: before 1.24.0-150600.3.3.1

typelib-1_0-GstGLEGL-1_0: before 1.24.0-150600.3.3.1

libgstrtsp-1_0-0-debuginfo: before 1.24.0-150600.3.3.1

typelib-1_0-GstGLX11-1_0: before 1.24.0-150600.3.3.1

libgstsdp-1_0-0-debuginfo: before 1.24.0-150600.3.3.1

typelib-1_0-GstSdp-1_0: before 1.24.0-150600.3.3.1

libgsttag-1_0-0-debuginfo: before 1.24.0-150600.3.3.1

libgstriff-1_0-0-debuginfo: before 1.24.0-150600.3.3.1

libgstaudio-1_0-0: before 1.24.0-150600.3.3.1

typelib-1_0-GstVideo-1_0: before 1.24.0-150600.3.3.1

libgstpbutils-1_0-0-debuginfo: before 1.24.0-150600.3.3.1

typelib-1_0-GstAudio-1_0: before 1.24.0-150600.3.3.1

libgstvideo-1_0-0-debuginfo: before 1.24.0-150600.3.3.1

typelib-1_0-GstRtp-1_0: before 1.24.0-150600.3.3.1

gstreamer-plugins-base-debugsource: before 1.24.0-150600.3.3.1

typelib-1_0-GstGL-1_0: before 1.24.0-150600.3.3.1

libgstvideo-1_0-0: before 1.24.0-150600.3.3.1

typelib-1_0-GstTag-1_0: before 1.24.0-150600.3.3.1

libgstapp-1_0-0: before 1.24.0-150600.3.3.1

typelib-1_0-GstGLWayland-1_0: before 1.24.0-150600.3.3.1

typelib-1_0-GstAllocators-1_0: before 1.24.0-150600.3.3.1

CPE2.3

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241945-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.