Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 9 Type: Security Severity: Moderate Release date: 2025-07-02 Summary: GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es): * gstreamer1-plugins-good: OOB-read in qtdemux_parse_container (CVE-2024-47543) * gstreamer1-plugins-good: GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk (CVE-2024-47774) * gstreamer1-plugins-good: OOB-read in gst_wavparse_smpl_chunk (CVE-2024-47777) * gstreamer1-plugins-good: OOB-read in gst_wavparse_adtl_chunk (CVE-2024-47778) * gstreamer1-plugins-good: OOB-read in parse_ds64 (CVE-2024-47775) * gstreamer1-plugins-good: OOB-read in FOURCC_SMI_ parsing (CVE-2024-47596) * gstreamer1-plugins-good: insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences (CVE-2024-47599) * gstreamer1-plugins-good: Use-After-Free read in Matroska CodecPrivate (CVE-2024-47834) * gstreamer1-plugins-good: OOB-read in gst_wavparse_cue_chunk (CVE-2024-47776) * gstreamer1-plugins-good: NULL-pointer dereferences in MP4/MOV demuxer CENC handling (CVE-2024-47544) * gstreamer1-plugins-good: NULL-pointer dereference in Matroska/WebM demuxer (CVE-2024-47601) * gstreamer1-plugins-good: OOB-read in qtdemux_parse_samples (CVE-2024-47597) * gstreamer1-plugins-good: integer underflow in extract_cc_from_data leading to OOB-read (CVE-2024-47546) * gstreamer1-plugins-good: NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer (CVE-2024-47602) * gstreamer1-plugins-good: OOB-read in qtdemux_merge_sample_table (CVE-2024-47598) * gstreamer1-plugins-good: NULL-pointer dereference in Matroska/WebM demuxer (CVE-2024-47603) * gstreamer1-plugins-good: integer underflow in FOURCC_strf parsing leading to OOB-read (CVE-2024-47545) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinuxRelease Notes linked from the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-7242.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team