In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsThere is no fixed version for RHEL:8
gstreamer1-plugins-good-gtk
.
Note: Versions mentioned in the description apply only to the upstream gstreamer1-plugins-good-gtk
package and not the gstreamer1-plugins-good-gtk
package as distributed by RHEL
.
See How to fix?
for RHEL:8
relevant fixed versions and status.
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multiple GST_READ_UINT32_LE operations without performing boundary checks. This can lead to an OOB-read when buf is smaller than expected. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.