SUSE update for gstreamer-plugins-good



Risk High
Patch available YES
Number of vulnerabilities 22
CVE-ID CVE-2024-47530
CVE-2024-47537
CVE-2024-47539
CVE-2024-47543
CVE-2024-47544
CVE-2024-47545
CVE-2024-47546
CVE-2024-47596
CVE-2024-47597
CVE-2024-47598
CVE-2024-47599
CVE-2024-47601
CVE-2024-47602
CVE-2024-47603
CVE-2024-47606
CVE-2024-47613
CVE-2024-47774
CVE-2024-47775
CVE-2024-47776
CVE-2024-47777
CVE-2024-47778
CVE-2024-47834
CWE-ID CWE-601
CWE-190
CWE-787
CWE-125
CWE-476
CWE-191
CWE-416
Exploitation vector Network
Public exploit N/A
Vulnerable software
 SUSE Linux Enterprise Workstation Extension 15
Operating systems & Components / Operating system

Basesystem Module
Operating systems & Components / Operating system

SUSE Linux Enterprise Real Time 15
Operating systems & Components / Operating system

openSUSE Leap
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Desktop 15
Operating systems & Components / Operating system

gstreamer-plugins-good-extra-64bit-debuginfo
Operating systems & Components / Operating system package or component

gstreamer-plugins-good-jack-64bit-debuginfo
Operating systems & Components / Operating system package or component

gstreamer-plugins-good-64bit-debuginfo
Operating systems & Components / Operating system package or component

gstreamer-plugins-good-extra-64bit
Operating systems & Components / Operating system package or component

gstreamer-plugins-good-jack-64bit
Operating systems & Components / Operating system package or component

gstreamer-plugins-good-64bit
Operating systems & Components / Operating system package or component

gstreamer-plugins-good-lang
Operating systems & Components / Operating system package or component

gstreamer-plugins-good-32bit-debuginfo
Operating systems & Components / Operating system package or component

gstreamer-plugins-good-jack-32bit
Operating systems & Components / Operating system package or component

gstreamer-plugins-good-extra-32bit-debuginfo
Operating systems & Components / Operating system package or component

gstreamer-plugins-good-extra-32bit
Operating systems & Components / Operating system package or component

gstreamer-plugins-good-jack-32bit-debuginfo
Operating systems & Components / Operating system package or component

gstreamer-plugins-good-32bit
Operating systems & Components / Operating system package or component

gstreamer-plugins-good-jack
Operating systems & Components / Operating system package or component

gstreamer-plugins-good-gtk
Operating systems & Components / Operating system package or component

gstreamer-plugins-good-extra-debuginfo
Operating systems & Components / Operating system package or component

gstreamer-plugins-good-debugsource
Operating systems & Components / Operating system package or component

gstreamer-plugins-good-jack-debuginfo
Operating systems & Components / Operating system package or component

gstreamer-plugins-good-gtk-debuginfo
Operating systems & Components / Operating system package or component

gstreamer-plugins-good
Operating systems & Components / Operating system package or component

gstreamer-plugins-good-debuginfo
Operating systems & Components / Operating system package or component

gstreamer-plugins-good-extra
Operating systems & Components / Operating system package or component

gstreamer-plugins-good-qtqml-debuginfo
Operating systems & Components / Operating system package or component

gstreamer-plugins-good-qtqml
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 22 vulnerabilities.

1) Open redirect

EUVDB-ID: #VU102568

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47530

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Exploit availability: No

Description

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

Mitigation

Update the affected package gstreamer-plugins-good to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Workstation Extension 15: SP6

Basesystem Module: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

SUSE Linux Enterprise Desktop 15: SP6

gstreamer-plugins-good-extra-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-lang: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debugsource: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml: before 1.24.0-150600.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250055-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Integer overflow

EUVDB-ID: #VU101244

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-47537

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in the MP4/MOV demuxer's sample table parser. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package gstreamer-plugins-good to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Workstation Extension 15: SP6

Basesystem Module: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

SUSE Linux Enterprise Desktop 15: SP6

gstreamer-plugins-good-extra-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-lang: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debugsource: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml: before 1.24.0-150600.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250055-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds write

EUVDB-ID: #VU101219

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-47539

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error in the MP4/MOV demuxer when handling CEA608 Closed Caption tracks. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Update the affected package gstreamer-plugins-good to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Workstation Extension 15: SP6

Basesystem Module: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

SUSE Linux Enterprise Desktop 15: SP6

gstreamer-plugins-good-extra-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-lang: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debugsource: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml: before 1.24.0-150600.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250055-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU101248

Risk: Medium

CVSSv4.0: 4.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-47543

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information or crash the application.

The vulnerability exists due to a boundary condition in the MP4/MOV demuxer. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system or crash the application.

Mitigation

Update the affected package gstreamer-plugins-good to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Workstation Extension 15: SP6

Basesystem Module: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

SUSE Linux Enterprise Desktop 15: SP6

gstreamer-plugins-good-extra-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-lang: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debugsource: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml: before 1.24.0-150600.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250055-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) NULL pointer dereference

EUVDB-ID: #VU101241

Risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-47544

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the MP4/MOV demuxer's CENC handling. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected package gstreamer-plugins-good to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Workstation Extension 15: SP6

Basesystem Module: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

SUSE Linux Enterprise Desktop 15: SP6

gstreamer-plugins-good-extra-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-lang: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debugsource: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml: before 1.24.0-150600.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250055-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Integer overflow

EUVDB-ID: #VU101251

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-47545

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in the MP4/MOV demuxer. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package gstreamer-plugins-good to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Workstation Extension 15: SP6

Basesystem Module: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

SUSE Linux Enterprise Desktop 15: SP6

gstreamer-plugins-good-extra-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-lang: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debugsource: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml: before 1.24.0-150600.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250055-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

EUVDB-ID: #VU101218

Risk: Medium

CVSSv4.0: 4.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-47546

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the MP4/MOV demuxer. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Update the affected package gstreamer-plugins-good to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Workstation Extension 15: SP6

Basesystem Module: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

SUSE Linux Enterprise Desktop 15: SP6

gstreamer-plugins-good-extra-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-lang: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debugsource: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml: before 1.24.0-150600.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250055-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Integer underflow

EUVDB-ID: #VU101253

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-47596

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer underflow in the MP4/MOV demuxer. A remote attacker can trigger an integer underflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package gstreamer-plugins-good to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Workstation Extension 15: SP6

Basesystem Module: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

SUSE Linux Enterprise Desktop 15: SP6

gstreamer-plugins-good-extra-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-lang: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debugsource: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml: before 1.24.0-150600.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250055-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU101242

Risk: Medium

CVSSv4.0: 4.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-47597

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information or crash the application.

The vulnerability exists due to a boundary condition in the MP4/MOV demuxer's sample table parsing. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system or crash the application.

Mitigation

Update the affected package gstreamer-plugins-good to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Workstation Extension 15: SP6

Basesystem Module: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

SUSE Linux Enterprise Desktop 15: SP6

gstreamer-plugins-good-extra-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-lang: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debugsource: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml: before 1.24.0-150600.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250055-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

EUVDB-ID: #VU101217

Risk: Medium

CVSSv4.0: 4.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-47598

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the MP4/MOV demuxer sample table parser. A remote attacker can create trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Update the affected package gstreamer-plugins-good to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Workstation Extension 15: SP6

Basesystem Module: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

SUSE Linux Enterprise Desktop 15: SP6

gstreamer-plugins-good-extra-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-lang: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debugsource: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml: before 1.24.0-150600.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250055-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) NULL pointer dereference

EUVDB-ID: #VU101243

Risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-47599

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the JPEG decoder. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected package gstreamer-plugins-good to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Workstation Extension 15: SP6

Basesystem Module: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

SUSE Linux Enterprise Desktop 15: SP6

gstreamer-plugins-good-extra-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-lang: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debugsource: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml: before 1.24.0-150600.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250055-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) NULL pointer dereference

EUVDB-ID: #VU101238

Risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-47601

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Matroska/WebM demuxer. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected package gstreamer-plugins-good to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Workstation Extension 15: SP6

Basesystem Module: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

SUSE Linux Enterprise Desktop 15: SP6

gstreamer-plugins-good-extra-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-lang: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debugsource: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml: before 1.24.0-150600.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250055-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) NULL pointer dereference

EUVDB-ID: #VU101220

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-47602

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Matroska/WebM demuxer. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected package gstreamer-plugins-good to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Workstation Extension 15: SP6

Basesystem Module: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

SUSE Linux Enterprise Desktop 15: SP6

gstreamer-plugins-good-extra-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-lang: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debugsource: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml: before 1.24.0-150600.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250055-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) NULL pointer dereference

EUVDB-ID: #VU101249

Risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-47603

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Matroska/WebM demuxer. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected package gstreamer-plugins-good to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Workstation Extension 15: SP6

Basesystem Module: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

SUSE Linux Enterprise Desktop 15: SP6

gstreamer-plugins-good-extra-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-lang: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debugsource: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml: before 1.24.0-150600.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250055-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Integer overflow

EUVDB-ID: #VU101245

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-47606

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in the MP4/MOV demuxer and memory allocator. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package gstreamer-plugins-good to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Workstation Extension 15: SP6

Basesystem Module: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

SUSE Linux Enterprise Desktop 15: SP6

gstreamer-plugins-good-extra-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-lang: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debugsource: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml: before 1.24.0-150600.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250055-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) NULL pointer dereference

EUVDB-ID: #VU101211

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-47613

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the gdk-pixbuf decoder. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected package gstreamer-plugins-good to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Workstation Extension 15: SP6

Basesystem Module: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

SUSE Linux Enterprise Desktop 15: SP6

gstreamer-plugins-good-extra-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-lang: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debugsource: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml: before 1.24.0-150600.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250055-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Integer overflow

EUVDB-ID: #VU101239

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-47774

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in the AVI subtitle parser. A remote attacker can pass specially crafted AVI file to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package gstreamer-plugins-good to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Workstation Extension 15: SP6

Basesystem Module: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

SUSE Linux Enterprise Desktop 15: SP6

gstreamer-plugins-good-extra-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-lang: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debugsource: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml: before 1.24.0-150600.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250055-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds read

EUVDB-ID: #VU101215

Risk: Medium

CVSSv4.0: 4.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-47775

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information or crash the application.

The vulnerability exists due to a boundary condition within the the WAV parser. A remote attacker can pass specially crafted file to the application, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.

Mitigation

Update the affected package gstreamer-plugins-good to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Workstation Extension 15: SP6

Basesystem Module: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

SUSE Linux Enterprise Desktop 15: SP6

gstreamer-plugins-good-extra-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-lang: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debugsource: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml: before 1.24.0-150600.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250055-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Out-of-bounds read

EUVDB-ID: #VU101214

Risk: Medium

CVSSv4.0: 4.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-47776

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information or crash the application.

The vulnerability exists due to a boundary condition within the the WAV parser. A remote attacker can pass specially crafted file to the application, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.

Mitigation

Update the affected package gstreamer-plugins-good to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Workstation Extension 15: SP6

Basesystem Module: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

SUSE Linux Enterprise Desktop 15: SP6

gstreamer-plugins-good-extra-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-lang: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debugsource: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml: before 1.24.0-150600.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250055-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds read

EUVDB-ID: #VU101213

Risk: Medium

CVSSv4.0: 4.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-47777

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information or crash the application.

The vulnerability exists due to a boundary condition within the the WAV parser. A remote attacker can pass specially crafted file to the application, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.

Mitigation

Update the affected package gstreamer-plugins-good to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Workstation Extension 15: SP6

Basesystem Module: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

SUSE Linux Enterprise Desktop 15: SP6

gstreamer-plugins-good-extra-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-lang: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debugsource: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml: before 1.24.0-150600.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250055-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Out-of-bounds read

EUVDB-ID: #VU101212

Risk: Medium

CVSSv4.0: 4.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-47778

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information or crash the application.

The vulnerability exists due to a boundary condition within the the WAV parser. A remote attacker can pass specially crafted file to the application, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.

Mitigation

Update the affected package gstreamer-plugins-good to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Workstation Extension 15: SP6

Basesystem Module: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

SUSE Linux Enterprise Desktop 15: SP6

gstreamer-plugins-good-extra-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-lang: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debugsource: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml: before 1.24.0-150600.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250055-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU101240

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-47834

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in the Matroska demuxer. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected package gstreamer-plugins-good to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Workstation Extension 15: SP6

Basesystem Module: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

SUSE Linux Enterprise Desktop 15: SP6

gstreamer-plugins-good-extra-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-64bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-lang: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-32bit-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-32bit: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debugsource: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-jack-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-gtk-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-extra: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml-debuginfo: before 1.24.0-150600.3.3.1

gstreamer-plugins-good-qtqml: before 1.24.0-150600.3.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250055-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###