Ubuntu update for gst-plugins-good1.0
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 22 |
| CVE-ID | CVE-2024-47537 CVE-2024-47776 CVE-2024-47834 CVE-2024-47545 CVE-2024-47596 CVE-2024-47546 CVE-2024-47603 CVE-2024-47774 CVE-2024-47778 CVE-2024-47540 CVE-2024-47775 CVE-2024-47601 CVE-2024-47543 CVE-2024-47777 CVE-2024-47602 CVE-2024-47544 CVE-2024-47597 CVE-2024-47598 CVE-2024-47599 CVE-2024-47613 CVE-2024-47606 CVE-2024-47539 |
| CWE-ID | CWE-190 CWE-125 CWE-416 CWE-191 CWE-476 CWE-908 CWE-787 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system libgstreamer-plugins-good1.0-0 (Ubuntu package) Operating systems & Components / Operating system package or component gstreamer1.0-qt6 (Ubuntu package) Operating systems & Components / Operating system package or component gstreamer1.0-qt5 (Ubuntu package) Operating systems & Components / Operating system package or component gstreamer1.0-pulseaudio (Ubuntu package) Operating systems & Components / Operating system package or component gstreamer1.0-plugins-good (Ubuntu package) Operating systems & Components / Operating system package or component gstreamer1.0-gtk3 (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 22 vulnerabilities.
1) Integer overflow
EUVDB-ID: #VU101244
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-47537
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the MP4/MOV demuxer's sample table parser. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package gst-plugins-good1.0 to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 24.10
libgstreamer-plugins-good1.0-0 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-qt6 (Ubuntu package): before 1.24.2-1ubuntu1.1
gstreamer1.0-qt5 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-pulseaudio (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-plugins-good (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-gtk3 (Ubuntu package): before 1.16.3-0ubuntu1.3
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libgstreamer-plugins-good1.0-0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1_0-qt6_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-qt5_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-pulseaudio_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-plugins-good_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-gtk3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7176-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU101214
Risk: Medium
CVSSv4.0: 4.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-47776
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information or crash the application.
The vulnerability exists due to a boundary condition within the the WAV parser. A remote attacker can pass specially crafted file to the application, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.
MitigationUpdate the affected package gst-plugins-good1.0 to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 24.10
libgstreamer-plugins-good1.0-0 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-qt6 (Ubuntu package): before 1.24.2-1ubuntu1.1
gstreamer1.0-qt5 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-pulseaudio (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-plugins-good (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-gtk3 (Ubuntu package): before 1.16.3-0ubuntu1.3
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libgstreamer-plugins-good1.0-0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1_0-qt6_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-qt5_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-pulseaudio_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-plugins-good_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-gtk3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7176-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU101240
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-47834
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the Matroska demuxer. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package gst-plugins-good1.0 to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 24.10
libgstreamer-plugins-good1.0-0 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-qt6 (Ubuntu package): before 1.24.2-1ubuntu1.1
gstreamer1.0-qt5 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-pulseaudio (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-plugins-good (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-gtk3 (Ubuntu package): before 1.16.3-0ubuntu1.3
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libgstreamer-plugins-good1.0-0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1_0-qt6_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-qt5_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-pulseaudio_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-plugins-good_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-gtk3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7176-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Integer overflow
EUVDB-ID: #VU101251
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-47545
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the MP4/MOV demuxer. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package gst-plugins-good1.0 to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 24.10
libgstreamer-plugins-good1.0-0 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-qt6 (Ubuntu package): before 1.24.2-1ubuntu1.1
gstreamer1.0-qt5 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-pulseaudio (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-plugins-good (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-gtk3 (Ubuntu package): before 1.16.3-0ubuntu1.3
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libgstreamer-plugins-good1.0-0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1_0-qt6_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-qt5_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-pulseaudio_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-plugins-good_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-gtk3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7176-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Integer underflow
EUVDB-ID: #VU101253
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-47596
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer underflow in the MP4/MOV demuxer. A remote attacker can trigger an integer underflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package gst-plugins-good1.0 to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 24.10
libgstreamer-plugins-good1.0-0 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-qt6 (Ubuntu package): before 1.24.2-1ubuntu1.1
gstreamer1.0-qt5 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-pulseaudio (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-plugins-good (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-gtk3 (Ubuntu package): before 1.16.3-0ubuntu1.3
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libgstreamer-plugins-good1.0-0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1_0-qt6_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-qt5_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-pulseaudio_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-plugins-good_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-gtk3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7176-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU101218
Risk: Medium
CVSSv4.0: 4.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-47546
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the MP4/MOV demuxer. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package gst-plugins-good1.0 to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 24.10
libgstreamer-plugins-good1.0-0 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-qt6 (Ubuntu package): before 1.24.2-1ubuntu1.1
gstreamer1.0-qt5 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-pulseaudio (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-plugins-good (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-gtk3 (Ubuntu package): before 1.16.3-0ubuntu1.3
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libgstreamer-plugins-good1.0-0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1_0-qt6_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-qt5_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-pulseaudio_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-plugins-good_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-gtk3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7176-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) NULL pointer dereference
EUVDB-ID: #VU101249
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-47603
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Matroska/WebM demuxer. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package gst-plugins-good1.0 to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 24.10
libgstreamer-plugins-good1.0-0 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-qt6 (Ubuntu package): before 1.24.2-1ubuntu1.1
gstreamer1.0-qt5 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-pulseaudio (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-plugins-good (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-gtk3 (Ubuntu package): before 1.16.3-0ubuntu1.3
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libgstreamer-plugins-good1.0-0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1_0-qt6_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-qt5_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-pulseaudio_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-plugins-good_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-gtk3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7176-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Integer overflow
EUVDB-ID: #VU101239
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-47774
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the AVI subtitle parser. A remote attacker can pass specially crafted AVI file to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package gst-plugins-good1.0 to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 24.10
libgstreamer-plugins-good1.0-0 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-qt6 (Ubuntu package): before 1.24.2-1ubuntu1.1
gstreamer1.0-qt5 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-pulseaudio (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-plugins-good (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-gtk3 (Ubuntu package): before 1.16.3-0ubuntu1.3
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libgstreamer-plugins-good1.0-0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1_0-qt6_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-qt5_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-pulseaudio_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-plugins-good_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-gtk3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7176-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU101212
Risk: Medium
CVSSv4.0: 4.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-47778
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information or crash the application.
The vulnerability exists due to a boundary condition within the the WAV parser. A remote attacker can pass specially crafted file to the application, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.
MitigationUpdate the affected package gst-plugins-good1.0 to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 24.10
libgstreamer-plugins-good1.0-0 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-qt6 (Ubuntu package): before 1.24.2-1ubuntu1.1
gstreamer1.0-qt5 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-pulseaudio (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-plugins-good (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-gtk3 (Ubuntu package): before 1.16.3-0ubuntu1.3
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libgstreamer-plugins-good1.0-0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1_0-qt6_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-qt5_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-pulseaudio_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-plugins-good_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-gtk3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7176-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use of uninitialized resource
EUVDB-ID: #VU101205
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-47540
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to usage of uninitialized uninitialized stack memory in Matroska/WebM demuxer. A remote attacker can pass specially crafted data to the application, trigger uninitialized usage of memory and perform a denial of service (DoS) attack.
Update the affected package gst-plugins-good1.0 to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 24.10
libgstreamer-plugins-good1.0-0 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-qt6 (Ubuntu package): before 1.24.2-1ubuntu1.1
gstreamer1.0-qt5 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-pulseaudio (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-plugins-good (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-gtk3 (Ubuntu package): before 1.16.3-0ubuntu1.3
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libgstreamer-plugins-good1.0-0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1_0-qt6_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-qt5_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-pulseaudio_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-plugins-good_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-gtk3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7176-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Out-of-bounds read
EUVDB-ID: #VU101215
Risk: Medium
CVSSv4.0: 4.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-47775
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information or crash the application.
The vulnerability exists due to a boundary condition within the the WAV parser. A remote attacker can pass specially crafted file to the application, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.
MitigationUpdate the affected package gst-plugins-good1.0 to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 24.10
libgstreamer-plugins-good1.0-0 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-qt6 (Ubuntu package): before 1.24.2-1ubuntu1.1
gstreamer1.0-qt5 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-pulseaudio (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-plugins-good (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-gtk3 (Ubuntu package): before 1.16.3-0ubuntu1.3
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libgstreamer-plugins-good1.0-0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1_0-qt6_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-qt5_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-pulseaudio_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-plugins-good_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-gtk3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7176-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) NULL pointer dereference
EUVDB-ID: #VU101238
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-47601
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Matroska/WebM demuxer. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package gst-plugins-good1.0 to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 24.10
libgstreamer-plugins-good1.0-0 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-qt6 (Ubuntu package): before 1.24.2-1ubuntu1.1
gstreamer1.0-qt5 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-pulseaudio (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-plugins-good (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-gtk3 (Ubuntu package): before 1.16.3-0ubuntu1.3
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libgstreamer-plugins-good1.0-0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1_0-qt6_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-qt5_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-pulseaudio_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-plugins-good_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-gtk3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7176-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds read
EUVDB-ID: #VU101248
Risk: Medium
CVSSv4.0: 4.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-47543
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information or crash the application.
The vulnerability exists due to a boundary condition in the MP4/MOV demuxer. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system or crash the application.
MitigationUpdate the affected package gst-plugins-good1.0 to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 24.10
libgstreamer-plugins-good1.0-0 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-qt6 (Ubuntu package): before 1.24.2-1ubuntu1.1
gstreamer1.0-qt5 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-pulseaudio (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-plugins-good (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-gtk3 (Ubuntu package): before 1.16.3-0ubuntu1.3
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libgstreamer-plugins-good1.0-0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1_0-qt6_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-qt5_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-pulseaudio_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-plugins-good_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-gtk3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7176-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds read
EUVDB-ID: #VU101213
Risk: Medium
CVSSv4.0: 4.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-47777
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information or crash the application.
The vulnerability exists due to a boundary condition within the the WAV parser. A remote attacker can pass specially crafted file to the application, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.
MitigationUpdate the affected package gst-plugins-good1.0 to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 24.10
libgstreamer-plugins-good1.0-0 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-qt6 (Ubuntu package): before 1.24.2-1ubuntu1.1
gstreamer1.0-qt5 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-pulseaudio (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-plugins-good (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-gtk3 (Ubuntu package): before 1.16.3-0ubuntu1.3
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libgstreamer-plugins-good1.0-0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1_0-qt6_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-qt5_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-pulseaudio_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-plugins-good_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-gtk3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7176-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) NULL pointer dereference
EUVDB-ID: #VU101220
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-47602
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Matroska/WebM demuxer. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package gst-plugins-good1.0 to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 24.10
libgstreamer-plugins-good1.0-0 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-qt6 (Ubuntu package): before 1.24.2-1ubuntu1.1
gstreamer1.0-qt5 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-pulseaudio (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-plugins-good (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-gtk3 (Ubuntu package): before 1.16.3-0ubuntu1.3
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libgstreamer-plugins-good1.0-0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1_0-qt6_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-qt5_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-pulseaudio_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-plugins-good_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-gtk3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7176-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) NULL pointer dereference
EUVDB-ID: #VU101241
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-47544
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the MP4/MOV demuxer's CENC handling. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package gst-plugins-good1.0 to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 24.10
libgstreamer-plugins-good1.0-0 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-qt6 (Ubuntu package): before 1.24.2-1ubuntu1.1
gstreamer1.0-qt5 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-pulseaudio (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-plugins-good (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-gtk3 (Ubuntu package): before 1.16.3-0ubuntu1.3
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libgstreamer-plugins-good1.0-0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1_0-qt6_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-qt5_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-pulseaudio_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-plugins-good_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-gtk3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7176-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Out-of-bounds read
EUVDB-ID: #VU101242
Risk: Medium
CVSSv4.0: 4.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-47597
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information or crash the application.
The vulnerability exists due to a boundary condition in the MP4/MOV demuxer's sample table parsing. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system or crash the application.
MitigationUpdate the affected package gst-plugins-good1.0 to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 24.10
libgstreamer-plugins-good1.0-0 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-qt6 (Ubuntu package): before 1.24.2-1ubuntu1.1
gstreamer1.0-qt5 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-pulseaudio (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-plugins-good (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-gtk3 (Ubuntu package): before 1.16.3-0ubuntu1.3
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libgstreamer-plugins-good1.0-0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1_0-qt6_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-qt5_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-pulseaudio_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-plugins-good_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-gtk3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7176-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Out-of-bounds read
EUVDB-ID: #VU101217
Risk: Medium
CVSSv4.0: 4.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-47598
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the MP4/MOV demuxer sample table parser. A remote attacker can create trigger an out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package gst-plugins-good1.0 to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 24.10
libgstreamer-plugins-good1.0-0 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-qt6 (Ubuntu package): before 1.24.2-1ubuntu1.1
gstreamer1.0-qt5 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-pulseaudio (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-plugins-good (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-gtk3 (Ubuntu package): before 1.16.3-0ubuntu1.3
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libgstreamer-plugins-good1.0-0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1_0-qt6_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-qt5_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-pulseaudio_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-plugins-good_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-gtk3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7176-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) NULL pointer dereference
EUVDB-ID: #VU101243
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-47599
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the JPEG decoder. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package gst-plugins-good1.0 to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 24.10
libgstreamer-plugins-good1.0-0 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-qt6 (Ubuntu package): before 1.24.2-1ubuntu1.1
gstreamer1.0-qt5 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-pulseaudio (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-plugins-good (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-gtk3 (Ubuntu package): before 1.16.3-0ubuntu1.3
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libgstreamer-plugins-good1.0-0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1_0-qt6_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-qt5_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-pulseaudio_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-plugins-good_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-gtk3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7176-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) NULL pointer dereference
EUVDB-ID: #VU101211
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-47613
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the gdk-pixbuf decoder. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package gst-plugins-good1.0 to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 24.10
libgstreamer-plugins-good1.0-0 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-qt6 (Ubuntu package): before 1.24.2-1ubuntu1.1
gstreamer1.0-qt5 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-pulseaudio (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-plugins-good (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-gtk3 (Ubuntu package): before 1.16.3-0ubuntu1.3
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libgstreamer-plugins-good1.0-0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1_0-qt6_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-qt5_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-pulseaudio_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-plugins-good_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-gtk3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7176-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Integer overflow
EUVDB-ID: #VU101245
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-47606
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the MP4/MOV demuxer and memory allocator. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package gst-plugins-good1.0 to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 24.10
libgstreamer-plugins-good1.0-0 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-qt6 (Ubuntu package): before 1.24.2-1ubuntu1.1
gstreamer1.0-qt5 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-pulseaudio (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-plugins-good (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-gtk3 (Ubuntu package): before 1.16.3-0ubuntu1.3
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libgstreamer-plugins-good1.0-0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1_0-qt6_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-qt5_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-pulseaudio_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-plugins-good_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-gtk3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7176-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Out-of-bounds write
EUVDB-ID: #VU101219
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-47539
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error in the MP4/MOV demuxer when handling CEA608 Closed Caption tracks. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected package gst-plugins-good1.0 to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 24.10
libgstreamer-plugins-good1.0-0 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-qt6 (Ubuntu package): before 1.24.2-1ubuntu1.1
gstreamer1.0-qt5 (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-pulseaudio (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-plugins-good (Ubuntu package): before 1.16.3-0ubuntu1.3
gstreamer1.0-gtk3 (Ubuntu package): before 1.16.3-0ubuntu1.3
CPE2.3- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libgstreamer-plugins-good1.0-0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1_0-qt6_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-qt5_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-pulseaudio_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-plugins-good_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:gstreamer1.0-gtk3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7176-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
