Huawei EulerOS Local Security Checks : Huawei EulerOS: Security Advisory for gstreamer1-plugins-base (EulerOS-SA-2025-1263)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.2.2025.1263

Category: Huawei EulerOS Local Security Checks

Title: Huawei EulerOS: Security Advisory for gstreamer1-plugins-base (EulerOS-SA-2025-1263)

Summary: The remote host is missing an update for the Huawei EulerOS 'gstreamer1-plugins-base' package(s) announced via the EulerOS-SA-2025-1263 advisory.

Description: Summary:
The remote host is missing an update for the Huawei EulerOS 'gstreamer1-plugins-base' package(s) announced via the EulerOS-SA-2025-1263 advisory.

Vulnerability Insight:
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.(CVE-2024-47542)

GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows to overwrite the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10.(CVE-2024-47607)

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10.(CVE-2024-47600)

GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are enclosed in curly brackets ({}). The issue arises when a closing curly bracket '}' appears before an opening curly bracket '{' in the input string. In this case, memmove() incorrectly duplicates a substring. With each successive loop iteration, the size passed to memmove() becomes progressively larger (strlen(end+1)), leading to a write beyond the allocated memory bounds. This vulnerability is fixed in 1.24.10.(CVE-2024-47541)

GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'gstreamer1-plugins-base' package(s) on Huawei EulerOS V2.0SP9(x86_64).

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2024-47538
Common Vulnerability Exposure (CVE) ID: CVE-2024-47541
Common Vulnerability Exposure (CVE) ID: CVE-2024-47542
Common Vulnerability Exposure (CVE) ID: CVE-2024-47600
Common Vulnerability Exposure (CVE) ID: CVE-2024-47607
Common Vulnerability Exposure (CVE) ID: CVE-2024-47615
Common Vulnerability Exposure (CVE) ID: CVE-2024-47835

Copyright Copyright (C) 2025 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.2.2025.1263
Category:	Huawei EulerOS Local Security Checks
Title:	Huawei EulerOS: Security Advisory for gstreamer1-plugins-base (EulerOS-SA-2025-1263)
Summary:	The remote host is missing an update for the Huawei EulerOS 'gstreamer1-plugins-base' package(s) announced via the EulerOS-SA-2025-1263 advisory.
Description:	Summary: The remote host is missing an update for the Huawei EulerOS 'gstreamer1-plugins-base' package(s) announced via the EulerOS-SA-2025-1263 advisory. Vulnerability Insight: GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.(CVE-2024-47542) GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows to overwrite the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10.(CVE-2024-47607) GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10.(CVE-2024-47600) GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are enclosed in curly brackets ({}). The issue arises when a closing curly bracket '}' appears before an opening curly bracket '{' in the input string. In this case, memmove() incorrectly duplicates a substring. With each successive loop iteration, the size passed to memmove() becomes progressively larger (strlen(end+1)), leading to a write beyond the allocated memory bounds. This vulnerability is fixed in 1.24.10.(CVE-2024-47541) GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'gstreamer1-plugins-base' package(s) on Huawei EulerOS V2.0SP9(x86_64). Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2024-47538 Common Vulnerability Exposure (CVE) ID: CVE-2024-47541 Common Vulnerability Exposure (CVE) ID: CVE-2024-47542 Common Vulnerability Exposure (CVE) ID: CVE-2024-47600 Common Vulnerability Exposure (CVE) ID: CVE-2024-47607 Common Vulnerability Exposure (CVE) ID: CVE-2024-47615 Common Vulnerability Exposure (CVE) ID: CVE-2024-47835
Copyright	Copyright (C) 2025 Greenbone AG