- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202506-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: GStreamer, GStreamer Plugins: Multiple Vulnerabilities
Date: June 12, 2025
Bugs: #948198
ID: 202506-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in GStreamer and GStreamer Plugins, the worst of which could lead to code execution.

Background
==========

GStreamer is an open source multimedia framework.

Affected packages
=================

Package Vulnerable Unaffected --------------------------- ------------ ------------ media-libs/gst-plugins-base < 1.24.10 >= 1.24.10
media-libs/gstreamer < 1.24.10 >= 1.24.10

Description
===========

Multiple vulnerabilities have been discovered in GStreamer, GStreamer
Plugins. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GStreamer, GStreamer Plugins users should upgrade to the latest
versions:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/gstreamer-1.24.10" ">=media-libs/gst-plugins-bad-1.24.10"

References
==========

[ 1 ] CVE-2024-44331
https://nvd.nist.gov/vuln/detail/CVE-2024-44331
[ 2 ] CVE-2024-47537
https://nvd.nist.gov/vuln/detail/CVE-2024-47537
[ 3 ] CVE-2024-47538
https://nvd.nist.gov/vuln/detail/CVE-2024-47538
[ 4 ] CVE-2024-47539
https://nvd.nist.gov/vuln/detail/CVE-2024-47539
[ 5 ] CVE-2024-47540
https://nvd.nist.gov/vuln/detail/CVE-2024-47540
[ 6 ] CVE-2024-47541
https://nvd.nist.gov/vuln/detail/CVE-2024-47541
[ 7 ] CVE-2024-47542
https://nvd.nist.gov/vuln/detail/CVE-2024-47542
[ 8 ] CVE-2024-47543
https://nvd.nist.gov/vuln/detail/CVE-2024-47543
[ 9 ] CVE-2024-47544
https://nvd.nist.gov/vuln/detail/CVE-2024-47544
[ 10 ] CVE-2024-47545
https://nvd.nist.gov/vuln/detail/CVE-2024-47545
[ 11 ] CVE-2024-47546
https://nvd.nist.gov/vuln/detail/CVE-2024-47546
[ 12 ] CVE-2024-47596
https://nvd.nist.gov/vuln/detail/CVE-2024-47596
[ 13 ] CVE-2024-47597
https://nvd.nist.gov/vuln/detail/CVE-2024-47597
[ 14 ] CVE-2024-47598
https://nvd.nist.gov/vuln/detail/CVE-2024-47598
[ 15 ] CVE-2024-47599
https://nvd.nist.gov/vuln/detail/CVE-2024-47599
[ 16 ] CVE-2024-47600
https://nvd.nist.gov/vuln/detail/CVE-2024-47600
[ 17 ] CVE-2024-47601
https://nvd.nist.gov/vuln/detail/CVE-2024-47601
[ 18 ] CVE-2024-47602
https://nvd.nist.gov/vuln/detail/CVE-2024-47602
[ 19 ] CVE-2024-47603
https://nvd.nist.gov/vuln/detail/CVE-2024-47603
[ 20 ] CVE-2024-47606
https://nvd.nist.gov/vuln/detail/CVE-2024-47606
[ 21 ] CVE-2024-47607
https://nvd.nist.gov/vuln/detail/CVE-2024-47607
[ 22 ] CVE-2024-47613
https://nvd.nist.gov/vuln/detail/CVE-2024-47613
[ 23 ] CVE-2024-47615
https://nvd.nist.gov/vuln/detail/CVE-2024-47615
[ 24 ] CVE-2024-47774
https://nvd.nist.gov/vuln/detail/CVE-2024-47774
[ 25 ] CVE-2024-47775
https://nvd.nist.gov/vuln/detail/CVE-2024-47775
[ 26 ] CVE-2024-47776
https://nvd.nist.gov/vuln/detail/CVE-2024-47776
[ 27 ] CVE-2024-47777
https://nvd.nist.gov/vuln/detail/CVE-2024-47777
[ 28 ] CVE-2024-47778
https://nvd.nist.gov/vuln/detail/CVE-2024-47778
[ 29 ] CVE-2024-47834
https://nvd.nist.gov/vuln/detail/CVE-2024-47834
[ 30 ] CVE-2024-47835
https://nvd.nist.gov/vuln/detail/CVE-2024-47835
[ 31 ] GStreamer-SA-2024-0003
https://gstreamer.freedesktop.org/security/sa-2024-0003.html
[ 32 ] GStreamer-SA-2024-0004
https://gstreamer.freedesktop.org/security/sa-2024-0004.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202506-02

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to [email protected] or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2025 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmhKdM8ACgkQFMQkOaVy +9kK9w//RXQy5uzJ+u3DC+axXtbrla0pw+Bf3uWRndsfUxezH3zeNcDPZoMdbOod FF99K5ovrlto3fglrXhUjqTcgzGknO5qi/dLR9juw0N9avfCjiD1Os0GnZ8V9DMz DjHkwMKJ9T/f6kTdwBla2iDkxA1S9wzr6nYP7pIsV6Izr0UnN0C9JbIAOhRJkEBf V/hD5KU38sBU0krOR6Bfaa1X/STalPwlM8MVBuEJIgP8z0MGZtLPkwEs3Veo+Mg/ HOJqEkzSTDGWy8MVCU10AVSvEyF66vuWqK/i0/FYMauqK2vSyrw/SUKoUFQLurWH xk/dCapZwTZOoS/hRwOhD3/7AfBWkcsQNK4Y87dMxgQJ/AjdEWoK5k+ZunzOgMnI q91LV4WGJ3GqVzdFupJmsZSXvz2XvekY0YnUhzzKACNiTH/UYZA4UFnXbVrMTvsT dTp4NjQ7dblzzPqdxIwRs9D4p8sMe6WeHPs863ErZbgkm6A3Uzw4hk2mEI9yK8Tg n03027UI2zk4Wx49LWH4hknLo6/+LHFyPdJT5U7Be0ccwZt7ai8JBxlsyIVoPCyW B+46WXdTbe4X6iF5xde/FFRzX8ns+OeNJ1ptOWcpVZzR4PmQLxvSfbSm7Y2tUh7D gR9BGMZSwPlC+kIPgSO/oB4kY8C8kUl3Gd7/AAh6m4bLD4OAmjg=
=YpY3
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)