34 files changed, 1582 insertions, 22 deletions
diff --git a/src/htdocs/conference/2023/index.xml b/src/htdocs/conference/2023/index.xml index 71a84a87..465ecc4f 100644 --- a/src/htdocs/conference/2023/index.xml +++ b/src/htdocs/conference/2023/index.xml @@ -96,6 +96,13 @@ li { </ul> </p> + <h2>Recorded talks</h2> + <p> + Talks have been recorded again by <a href="https://www.ubicast.eu/">Ubicast</a> and + are available at <a href="https://gstconf.ubicast.tv/channels/#gstreamer-conference-2023">GStreamer Conference 2023 videos</a> + </p> + + <h2>Details</h2> <p> The GStreamer Conference is a conference for developers, community members, 
@@ -980,26 +987,10 @@ li { </p> <h2>Conference News and Updates</h2> -<!-- - <p> - <i>2019-November-04</i>: Videos are now available at <a href="https://gstconf.ubicast.tv/channels/#gstreamer-conference-2019">https://gstconf.ubicast.tv/channels/#gstreamer-conference-2019</a> thanks to UbiCast! - </p> - <p> - <i>2019-October-30</i>: There will again be an informal pre-conference meet-up social event on the evening before the conference. - Come to <a href="https://goo.gl/maps/4yVBD8Hj79AbzQVC9"><b>Ninkasi Guillotière</b></a> (2 Place Antonin Jutard, 69003 Lyon) on Wednesday 30 October 2019 from 19.00h onwards and say hi! - Food and drinks will be available for purchase, and credit cards should be accepted. - </p> <p> - <i>2019-October-21</i>: There will be a social event again on Thursday - evening from ca. 19.00-19.30h onwards at <a href="https://www.ninkasi.fr/lieux/ninkasi-saint-paul/"><b>Ninkasi Saint-Paul</b></a> - at 5 Rue Octavio Mey. Food and drinks will be provided (thanks to our sponsors!), - including vegetarian options. Make sure to bring your conference badge. + <i>2023-November-04</i>: Videos are now available at <a href="https://gstconf.ubicast.tv/channels/#gstreamer-conference-2013">https://gstconf.ubicast.tv/channels/#gstreamer-conference-2013</a> thanks to UbiCast! </p> <p> - <i>2019-October-16</i>: Reminder that there will also be a hackfest/hackathon on Saturday/Sunday 2-3 November 2019, just after the conference, but at another venue as the conference, namely <a href="https://goo.gl/maps/R2Jyofi2fdq6xErg9">Epitech</a>. - </p> ---> - <p> <i>2023-September-16</i>: The (preliminary) <a href="https://indico.freedesktop.org/event/5/timetable/?layout=room#all.detailed">full conference schedule</a> is now available as well </p> <p> diff --git a/src/htdocs/conference/2024/index.xml b/src/htdocs/conference/2024/index.xml index 7ec70548..24620fb6 100644 --- a/src/htdocs/conference/2024/index.xml +++ b/src/htdocs/conference/2024/index.xml 
@@ -92,6 +92,12 @@ li { </ul> </p> + <h2>Recorded talks</h2> + <p> + Talks have been recorded and + are available at <a href="https://gstconf.ubicast.tv/channels/#gstreamer-conference-2024">GStreamer Conference 2024 videos</a> + </p> + <h2>Details</h2> <p> The GStreamer Conference is a conference for developers, community members, @@ -893,6 +899,7 @@ li { <p> The call for presentations is now closed. </p> +<!-- <p> Anyone who has submitted a talk proposal should receive an e-mail letting them know whether their proposal has been accepted in the coming days. @@ -906,6 +913,7 @@ li { <p> Lightning talks may still be proposed, see above for more details. </p> + --> <a id="social-events"></a> @@ -1047,6 +1055,9 @@ li { <h2>Conference News and Updates</h2> <p> + <i>2024-November-07</i>: <a href="https://gstconf.ubicast.tv/channels/#gstreamer-conference-2024">Link to the Videos have been added</a>. Thank you all for coming! + </p> + <p> <i>2024-October-08</i>: Links to the <a href="#live">Live streams for Day 2</a> have been added. </p> <p> diff --git a/src/htdocs/entities.gst b/src/htdocs/entities.gst index 263e9572..fe5f3759 100644 --- a/src/htdocs/entities.gst +++ b/src/htdocs/entities.gst @@ -1,5 +1,5 @@ <!ENTITY gst-branch-stable "1.24"> -<!ENTITY gst-version-stable "1.24.9"> +<!ENTITY gst-version-stable "1.24.10"> <!ENTITY gst-version-devel "git main"> <!ENTITY orc-version-stable "0.4.40"> diff --git a/src/htdocs/news/news.xml b/src/htdocs/news/news.xml index 6882742b..180cf050 100644 --- a/src/htdocs/news/news.xml +++ b/src/htdocs/news/news.xml 
@@ -16161,4 +16161,61 @@ Binaries for Android, iOS, Mac OS X and Windows will be available shortly. </content> </item> + <item> + <date>2024-12-03 23:30</date> + <title>GStreamer 1.24.10 stable bug fix release</title> + <content> +<p> +The GStreamer team is pleased to announce another bug fix release +in the new stable 1.24 release series of your favourite cross-platform +multimedia framework! +</p> + +<p> +This release only contains bugfixes and <a href="&site;/security/">security fixes</a>. +</p> +<p> +It should be safe to update from 1.24.x, and we would recommend you update at +your earliest convenience. +</p> + +<p> + <b>Highlighted bugfixes:</b> + <ul> + <li>More than <a href="https://gstreamer.freedesktop.org/security/">40 security fixes</a> + across a wide range of elements following an audit by the GitHub Security Lab, including + the MP4, Matroska, Ogg and WAV demuxers, subtitle parsers, image decoders, audio + decoders and the id3v2 tag parser</li> + <li>avviddec: Fix regression that could trigger assertions about width/height mismatches</li> + <li>appsink and appsrc fixes</li> + <li>closed caption handling fixes</li> + <li>decodebin3 and urisourcebin fixes</li> + <li>glupload: dmabuf: Fix emulated tiled import</li> + <li>level: fix LevelMeta values outside of the stated range</li> + <li>mpegtsmux, flvmux: fix potential busy looping with high cpu usage in live mode</li> + <li>pipeline dot file graph generation improvements</li> + <li>qt(6): fix criticals with multiple qml(6)gl{src,sink}</li> + <li>rtspsrc: Optionally timestamp RTP packets with their receive times in TCP/HTTP mode to enable clock drift handling</li> + <li>splitmuxsrc: reduce number of file descriptors used</li> + <li>systemclock: locking order fixes</li> + <li>v4l2: fix possible v4l2videodec deadlock on shutdown; 8-bit bayer format fixes</li> + <li>x265: Fix build with libx265 version >= 4.1 after masteringDisplayColorVolume API change</li> + <li>macOS: fix rendering artifacts in retina 
displays, plus ptp clock fixes</li> + <li>cargo: Default to thin lto for the release profile (for faster builds with lower memory requirements)</li> + <li>Various bug fixes, build fixes, memory leak fixes, and other stability and reliability improvements</li> + <li>Translation updates</li> + </ul> +</p> + +<p> +See the <a href="&site;/releases/1.24/#1.24.10">GStreamer 1.24.10 release notes</a> +for more details. +</p> + +<p> +Binaries for Android, iOS, Mac OS X and Windows will be available shortly. +</p> + </content> + </item> + </news> diff --git a/src/htdocs/releases/1.24/release-notes-1.24.md b/src/htdocs/releases/1.24/release-notes-1.24.md index 97ca0113..54c1db80 100644 --- a/src/htdocs/releases/1.24/release-notes-1.24.md +++ b/src/htdocs/releases/1.24/release-notes-1.24.md @@ -2,11 +2,11 @@ GStreamer 1.24.0 was originally released on 4 March 2024. -The latest bug-fix release in the stable 1.24 series is [1.24.9](#1.24.9) and was released on 30 October 2024. +The latest bug-fix release in the stable 1.24 series is [1.24.10](#1.24.10) and was released on 03 December 2024. See [https://gstreamer.freedesktop.org/releases/1.24/][latest] for the latest version of this document. -*Last updated: Wednesday 30 October 2024, 20:00 UTC [(log)][gitlog]* +*Last updated: Tuesday 03 December 2024, 14:00 UTC [(log)][gitlog]* [latest]: https://gstreamer.freedesktop.org/releases/1.24/ [gitlog]: https://gitlab.freedesktop.org/gstreamer/www/commits/main/src/htdocs/releases/1.24/release-notes-1.24.md 
@@ -3079,6 +3079,193 @@ suggestions or helped testing. Thank you all! - [List of Merge Requests applied in 1.24.9](https://gitlab.freedesktop.org/groups/gstreamer/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=1.24.9) - [List of Issues fixed in 1.24.9](https://gitlab.freedesktop.org/groups/gstreamer/-/issues?scope=all&utf8=%E2%9C%93&state=closed&milestone_title=1.24.9) +<a id="1.24.10"></a> + +### 1.24.10 + +The tenth 1.24 bug-fix release (1.24.10) was released on 03 December 2024. + +This release only contains bugfixes and [security fixes][security-overview]. +It *should* be safe to update from 1.24.x and we would recommend you update +at your earliest convenience. + +[security-overview]: https://gstreamer.freedesktop.org/security/ + +#### Highlighted bugfixes in 1.24.10 + + - [More than 40 security fixes][security-overview] across a wide range of + elements following an audit by the GitHub Security Lab, including the MP4, + Matroska, Ogg and WAV demuxers, subtitle parsers, image decoders, audio + decoders and the id3v2 tag parser. 
+ - avviddec: Fix regression that could trigger assertions about width/height mismatches + - appsink and appsrc fixes + - closed caption handling fixes + - decodebin3 and urisourcebin fixes + - glupload: dmabuf: Fix emulated tiled import + - level: fix LevelMeta values outside of the stated range + - mpegtsmux, flvmux: fix potential busy looping with high cpu usage in live mode + - pipeline dot file graph generation improvements + - qt(6): fix criticals with multiple qml(6)gl{src,sink} + - rtspsrc: Optionally timestamp RTP packets with their receive times in TCP/HTTP mode to enable clock drift handling + - splitmuxsrc: reduce number of file descriptors used + - systemclock: locking order fixes + - v4l2: fix possible v4l2videodec deadlock on shutdown; 8-bit bayer format fixes + - x265: Fix build with libx265 version >= 4.1 after masteringDisplayColorVolume API change + - macOS: fix rendering artifacts in retina displays, plus ptp clock fixes + - cargo: Default to thin lto for the release profile (for faster builds with lower memory requirements) + - Various bug fixes, build fixes, memory leak fixes, and other stability and reliability improvements + - Translation updates + +#### gstreamer + + - [allocator: Avoid integer overflow when allocating sysmem and avoid integer overflow in qtdemux theora extension parsing](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8044) + - [deviceprovider: fix leaking hidden providers](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7915) + - [gstreamer: prefix debug dot node names to prevent splitting](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7998) + - [pad: Never push sticky events in response to a FLUSH_STOP](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8003) + - [systemclock: Fix lock order violation and some cleanup](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8019) + - [utils: improve 
gst_util_ceil_log2()](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7905) + - [ptp: use ip_mreq instead of ip_mreqn for macos](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7864) + - [tracers: unlock leaks tracer if already tracking](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7960) + +#### gst-plugins-base + + - [appsink: fix timeout logic for gst_app_sink_try_pull_sample()](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7980) + - [appsrc: Fix use-after-free when making buffer / buffer-lists writable](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7806) + - [audiostreamalign: Don't report disconts for every buffer if alignment-threshold is too small](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7906) + - [decodebin3: Unify collection switching checks](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7956) + - [discoverer: Don't print channel layout for more than 64 channels](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8046) + - [discoverer: Make sure the missing elements details array is NULL-terminated in a thread-safe way](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7986) + - [discoverer: fix segfault in race condition adding a new uri](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7934) + - [id3v2: Don't try parsing extended header if not enough data is available](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8045) + - [glupload: dmabuf: Fix emulated tiled import](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7907) + - [gl: cocoa: fix rendering artifacts in retina displays](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7834) + - [gl: meson: Don't use libdrm_dep in cc.has_header()](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7932) + - [oggstream: fix 
invalid ogg_packet->packet accesses, address invalid writes CVE](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8050) + - [opusdec: Set at most 64 channels to NONE position](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8049) + - [playbin: Fix caps leak in get_n_common_capsfeatures()](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7909) + - [playbin3: ERROR when setting new HLS URI with instant-uri=true](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3957) + - [sdp: Add debug categories for message and mikey modules](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7926) + - [ssaparse: Search for closing brace after opening brace](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8048) + - [splitmuxsrc: Convert part reader to a bin with a non-async bus](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7957) + - [subparse: Check for NULL return of strchr() when parsing LRC subtitles](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8051) + - [streamsynchronizer: Only send GAP events out of source pads](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7997) + - [urisourcebin: Also use event probe for HLS use-cases](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7857) + - [video-converter: Set TIME segment format on appsrc](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7842) + - [vorbisdec: Set at most 64 channels to NONE position](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8047) + - [Translation for gst-plugins-base 1.24.0 not sync-ed with Translation Project](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3940) + - [Update translations](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7820) + +#### gst-plugins-good + + - [avisubtitle: Fix size checks and avoid overflows when checking 
sizes](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8055) + - [flvmux: Don't time out in live mode if no timestamped next buffer is available](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7902) + - [gdkpixbufdec: Check if initializing the video info actually succeeded](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8053) + - [jpegdec: Directly error out on negotiation failures](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8052) + - [level: Fix integer overflow when filling LevelMeta](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8029) + - [level: produces level value outside of Stated Range](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4068) + - [matroskademux: header parsing fixes](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8058) + - [qtdemux: header and sample table parsing fixes](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8060) + - [qtdemux: avoid integer overflow in theora extension parsing](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8044) + - [qt(6)/material: ensure that we always update the context in setBuffer()](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7978) + - [rtspsrc: Optionally timestamp RTP packets with their receive times in TCP/HTTP mode](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8004) + - [rtp: Fix precision loss in gst_rtcp_ntp_to_unix()](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8022) + - [rtpfunnel: Ensure segment events are forwarded after flushs](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7835) + - [rtpmanager: don't map READWRITE in twcc header ext](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7910) + - [rtph264depay, rtph265depay: Fix various OOB reads / NULL pointer dereferences in parameter-set string 
handling](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7812) + - [shout2send: Unref event at the end of the event function](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8006) + - [udpsrc: protect cancellable from unlock/unlock_stop race](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7897) + - [v4l2object: Fixed incorrect maximum value for int range](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7961) + - [v4l2object: Remove little endian marker on 8 bit bayer format names](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7845) + - [v4l2videodec: fix freeze race condition](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7987) + - [wavparse: Fix various (missing) size checks and other parsing problems](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8054) + +#### gst-plugins-bad + + - [ccconverter: Don't override in_fps_entry when trying to take output](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7862) + - [ccutils fixes](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7973) + - [kmssink: Add mediatek auto-detection](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8027) + - [mpegtsmux: Don't time out in live mode if no timestamped next buffer is available (fixes busy loop with high cpu usage)](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7901) + - [mpegvideoparse: do not set delta unit flag on unknown frame type](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7876) + - [mxfmux: Fix off-by-one in the month when generating a timestamp for now](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8018) + - [timecodestamper: Don't fail the latency query in LTC mode if we have no framerate](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7846) + - [webrtc: don't crash on invalid bundle 
id](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7966) + - [x265: Allow building with x265-4.1 (after masteringDisplayColorVolume API change)](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7983) + - [meson: Don't unconditionally invoke the libsoup subproject for tests](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7982) + + +#### gst-plugins-ugly + + - No changes + +#### GStreamer Rust plugins + +- cargo: Default to thin lto for the release profile (for faster builds with lower memory requirements) + +#### gst-libav + + - [avcodecmap: Use avcodec_get_supported_config() instead of struct fields](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7833) + - [libav: viddec: provide details if meta has the wrong resolution](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7925) + - [avviddec: Unlock video decoder stream lock temporarily while finishing frames](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7921) + +#### gst-rtsp-server + + - No changes + +#### gstreamer-vaapi + + - No changes + +#### gstreamer-sharp + + - No changes + +#### gst-omx + + - No changes + +#### gst-python + + - No changes + +#### gst-editing-services + + - No changes + +#### gst-devtools, gst-validate + gst-integration-testsuites + + - [validate: Fix leaks in ssim components](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7802) + +### gst-examples + + - No changes + +#### Development build environment + + - [meson: Fix failing libva wrap file build](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7955) + +#### Cerbero build tool and packaging changes in 1.24.10 + + - [shell: fix TemporaryDirectory error with the with statement when ZSH](https://gitlab.freedesktop.org/gstreamer/cerbero/-/merge_requests/1638) + - [ci: update macos CI to 15 Sequoia](https://gitlab.freedesktop.org/gstreamer/cerbero/-/merge_requests/1623) + +#### 
Contributors to 1.24.10 + +Albert Sjolund, Alicia Boya García, Andoni Morales Alastruey, Antonio Morales, +Edward Hervey, Guillaume Desmottes, Jan Alexander Steffens (heftig), +Jan Schmidt, Jonas Rebmann, Jordan Petridis, Mathieu Duponchelle, +Matthew Waters, Nicolas Dufresne, Nirbheek Chauhan, Pablo Sun, Philippe Normand, +Robert Rosengren, Ruben Gonzalez, Sebastian Dröge, Seungmin Kim, +Stefan Riedmüller, Stéphane Cerveau, Taruntej Kanakamalla, Théo Maillart, +Thibault Saunier, Tim-Philipp Müller, Tomáš Polomský, Wilhelm Bartel, Xi Ruoyao, + +... and many others who have contributed bug reports, translations, sent +suggestions or helped testing. Thank you all! + +#### List of merge requests and issues fixed in 1.24.10 + +- [List of Merge Requests applied in 1.24.10](https://gitlab.freedesktop.org/groups/gstreamer/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=1.24.10) +- [List of Issues fixed in 1.24.10](https://gitlab.freedesktop.org/groups/gstreamer/-/issues?scope=all&utf8=%E2%9C%93&state=closed&milestone_title=1.24.10) + ## Schedule for 1.26 Our next major feature release will be 1.26, and 1.25 will be the unstable diff --git a/src/htdocs/releases/releases.md b/src/htdocs/releases/releases.md index 1a389034..1618916b 100644 --- a/src/htdocs/releases/releases.md +++ b/src/htdocs/releases/releases.md @@ -1,9 +1,9 @@ # GStreamer Releases -- **Latest stable release:** [1.24.9][latest-stable] +- **Latest stable release:** [1.24.10][latest-stable] - **Latest development release:** [git `main`][latest-devel] -[latest-stable]: https://gstreamer.freedesktop.org/releases/1.24/#1.24.9 +[latest-stable]: https://gstreamer.freedesktop.org/releases/1.24/#1.24.10 [latest-devel]: https://gitlab.freedesktop.org/gstreamer/gstreamer/ ### Current stable release diff --git a/src/htdocs/security/Makefile.am b/src/htdocs/security/Makefile.am index 822415f3..8f6b5821 100644 --- a/src/htdocs/security/Makefile.am +++ b/src/htdocs/security/Makefile.am 
@@ -28,6 +28,32 @@ ALERTS = \ sa-2024-0002.md \ sa-2024-0003.md \ sa-2024-0004.md \ + sa-2024-0005.md \ + sa-2024-0006.md \ + sa-2024-0007.md \ + sa-2024-0008.md \ + sa-2024-0009.md \ + sa-2024-0010.md \ + sa-2024-0011.md \ + sa-2024-0012.md \ + sa-2024-0013.md \ + sa-2024-0014.md \ + sa-2024-0015.md \ + sa-2024-0016.md \ + sa-2024-0017.md \ + sa-2024-0018.md \ + sa-2024-0019.md \ + sa-2024-0020.md \ + sa-2024-0021.md \ + sa-2024-0022.md \ + sa-2024-0023.md \ + sa-2024-0024.md \ + sa-2024-0025.md \ + sa-2024-0026.md \ + sa-2024-0027.md \ + sa-2024-0028.md \ + sa-2024-0029.md \ + sa-2024-0030.md \ $(NULL) security_pages = $(patsubst %.md,%.html,$(ALERTS)) diff --git a/src/htdocs/security/sa-2024-0005.md b/src/htdocs/security/sa-2024-0005.md new file mode 100644 index 00000000..73bef471 --- /dev/null +++ b/src/htdocs/security/sa-2024-0005.md 
@@ -0,0 +1,50 @@ +# Security Advisory 2024-0005 (GHSL-2024-094, GHSL-2024-237, GHSL-2024-241, CVE-2024-47537) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Integer overflow in MP4/MOV sample table parser leading to out-of-bounds writes | +| Date | 2024-12-03 20:00 | +| Affected Versions | GStreamer gst-plugins-good < 1.24.10 | +| IDs | GStreamer-SA-2024-0005<br/>GHSL-2024-094, GHSL-2024-237, GHSL-2024-241<br/>CVE-2024-47537 | + +</div> + +## Details + +Integer overflow in the MP4/MOV demuxer's sample table parser that can lead to +out-of-bounds writes and NULL-pointer dereferences for certain input files. + +## Impact + +It is possible for a malicious third party to trigger an out-of-bounds write or +NULL-pointer dereferences that result in a crash of the application, and, in +case of out-of-bounds writes, possibly also allow code execution through heap +manipulation. + +## Solution + +The gst-plugins-good 1.24.10 release addresses the issue. People using older +branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-47537](https://www.cve.org/CVERecord?id=CVE-2024-47537) + +### GStreamer releases + +#### 1.24 (current stable) + +- [GStreamer 1.24.10 release notes](/releases/1.24/#1.24.10) +- [GStreamer Plugins Good 1.24.10](/src/gst-plugins-good/gst-plugins-good-1.24.10.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch) diff --git a/src/htdocs/security/sa-2024-0006.md b/src/htdocs/security/sa-2024-0006.md new file mode 100644 index 00000000..6d7349d7 --- /dev/null +++ b/src/htdocs/security/sa-2024-0006.md 
@@ -0,0 +1,47 @@ +# Security Advisory 2024-0006 (GHSL-2024-246, CVE-2024-47598) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | MP4/MOV sample table parser out-of-bounds read | +| Date | 2024-12-03 20:00 | +| Affected Versions | GStreamer gst-plugins-good < 1.24.10 | +| IDs | GStreamer-SA-2024-0006<br/>GHSL-2024-246<br/>CVE-2024-47598 | + +</div> + +## Details + +Out-of-bounds reads in the MP4/MOV demuxer's sample table parser when handling raw audio tracks +that can lead to crashes for certain input files. + +## Impact + +It is possible for a malicious third party to trigger a out-of-bounds reads that result in a crash of the application. + +## Solution + +The gst-plugins-good 1.24.10 release addresses the issue. People using older +branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-47598](https://www.cve.org/CVERecord?id=CVE-2024-47598) + +### GStreamer releases + +#### 1.24 (current stable) + +- [GStreamer 1.24.10 release notes](/releases/1.24/#1.24.10) +- [GStreamer Plugins Good 1.24.10](/src/gst-plugins-good/gst-plugins-good-1.24.10.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch) diff --git a/src/htdocs/security/sa-2024-0007.md b/src/htdocs/security/sa-2024-0007.md new file mode 100644 index 00000000..cdaecd3e --- /dev/null +++ b/src/htdocs/security/sa-2024-0007.md 
@@ -0,0 +1,49 @@ +# Security Advisory 2024-0007 (GHSL-2024-195, CVE-2024-47539) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | MP4/MOV Closed Caption handling out-of-bounds write | +| Date | 2024-12-03 20:00 | +| Affected Versions | GStreamer gst-plugins-good < 1.24.10 | +| IDs | GStreamer-SA-2024-0007<br/>GHSL-2024-195<br/>CVE-2024-47539 | + +</div> + +## Details + +Out-of-bounds writes in the MP4/MOV demuxer when handling CEA608 Closed Caption +tracks that can lead to crashes for certain input files. + +## Impact + +It is possible for a malicious third party to trigger a out-of-bounds writes +that result in a crash of the application, and possibly also allow code +execution through heap manipulation. + +## Solution + +The gst-plugins-good 1.24.10 release addresses the issue. People using older +branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-47539](https://www.cve.org/CVERecord?id=CVE-2024-47539) + +### GStreamer releases + +#### 1.24 (current stable) + +- [GStreamer 1.24.10 release notes](/releases/1.24/#1.24.10) +- [GStreamer Plugins Good 1.24.10](/src/gst-plugins-good/gst-plugins-good-1.24.10.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch) diff --git a/src/htdocs/security/sa-2024-0008.md b/src/htdocs/security/sa-2024-0008.md new file mode 100644 index 00000000..08be0668 --- /dev/null +++ b/src/htdocs/security/sa-2024-0008.md 
@@ -0,0 +1,48 @@ +# Security Advisory 2024-0008 (GHSL-2024-235, CVE-2024-47539) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | ID3v2 parser out-of-bounds read and NULL-pointer dereference | +| Date | 2024-12-03 20:00 | +| Affected Versions | GStreamer gst-plugins-base < 1.24.10 | +| IDs | GStreamer-SA-2024-0008<br/>GHSL-2024-235<br/>CVE-2024-47542 | + +</div> + +## Details + +Out-of-bounds read and NULL-pointer dereference in ID3v2 parser that can lead +to crashes for certain input files. + +## Impact + +It is possible for a malicious third party to trigger an out-of-bounds read or +NULL-pointer dereference that can result in a crash of the application. + +## Solution + +The gst-plugins-base 1.24.10 release addresses the issue. People using older +branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-47542](https://www.cve.org/CVERecord?id=CVE-2024-47542) + +### GStreamer releases + +#### 1.24 (current stable) + +- [GStreamer 1.24.10 release notes](/releases/1.24/#1.24.10) +- [GStreamer Plugins Base 1.24.10](/src/gst-plugins-base/gst-plugins-base-1.24.10.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8033.patch) diff --git a/src/htdocs/security/sa-2024-0009.md b/src/htdocs/security/sa-2024-0009.md new file mode 100644 index 00000000..b1093b62 --- /dev/null +++ b/src/htdocs/security/sa-2024-0009.md 
@@ -0,0 +1,48 @@ +# Security Advisory 2024-0009 (GHSL-2024-236, CVE-2024-47543) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | MP4/MOV demuxer out-of-bounds read | +| Date | 2024-12-03 20:00 | +| Affected Versions | GStreamer gst-plugins-good < 1.24.10 | +| IDs | GStreamer-SA-2024-0009<br/>GHSL-2024-236<br/>CVE-2024-47543 | + +</div> + +## Details + +Out-of-bounds read in the MP4/MOV demuxer that can lead to crashes for certain +input files. + +## Impact + +It is possible for a malicious third party to trigger an out-of-bounds read +that can result in a crash of the application. + +## Solution + +The gst-plugins-good 1.24.10 release addresses the issue. People using older +branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-47543](https://www.cve.org/CVERecord?id=CVE-2024-47543) + +### GStreamer releases + +#### 1.24 (current stable) + +- [GStreamer 1.24.10 release notes](/releases/1.24/#1.24.10) +- [GStreamer Plugins Good 1.24.10](/src/gst-plugins-good/gst-plugins-good-1.24.10.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch) diff --git a/src/htdocs/security/sa-2024-0010.md b/src/htdocs/security/sa-2024-0010.md new file mode 100644 index 00000000..4de199c0 --- /dev/null +++ b/src/htdocs/security/sa-2024-0010.md 
@@ -0,0 +1,48 @@ +# Security Advisory 2024-0010 (GHSL-2024-242, CVE-2024-47545) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Integer overflow in MP4/MOV demuxer that can result in out-of-bounds read | +| Date | 2024-12-03 20:00 | +| Affected Versions | GStreamer gst-plugins-good < 1.24.10 | +| IDs | GStreamer-SA-2024-0010<br/>GHSL-2024-242<br/>CVE-2024-47545 | + +</div> + +## Details + +An integer overflow in the MP4/MOV demuxer that can lead to out-of-bounds +reads that can cause crashes for certain input files. + +## Impact + +It is possible for a malicious third party to trigger an integer overflow that +can result in out-of-bounds reads and a crash of the application. + +## Solution + +The gst-plugins-good 1.24.10 release addresses the issue. People using older +branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-47545](https://www.cve.org/CVERecord?id=CVE-2024-47545) + +### GStreamer releases + +#### 1.24 (current stable) + +- [GStreamer 1.24.10 release notes](/releases/1.24/#1.24.10) +- [GStreamer Plugins Good 1.24.10](/src/gst-plugins-good/gst-plugins-good-1.24.10.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch) diff --git a/src/htdocs/security/sa-2024-0011.md b/src/htdocs/security/sa-2024-0011.md new file mode 100644 index 00000000..32a5a5bc --- /dev/null +++ b/src/htdocs/security/sa-2024-0011.md 
@@ -0,0 +1,48 @@ +# Security Advisory 2024-0011 (GHSL-2024-238, GHSL-2024-239, GHSL-2024-240, CVE-2024-47544) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | NULL-pointer dereferences in MP4/MOV demuxer CENC handling | +| Date | 2024-12-03 20:00 | +| Affected Versions | GStreamer gst-plugins-good < 1.24.10 | +| IDs | GStreamer-SA-2024-0011<br/>GHSL-2024-238, GHSL-2024-239, GHSL-2024-240<br/>CVE-2024-47544 | + +</div> + +## Details + +Multiple NULL-pointer dereferences in the MP4/MOV demuxer's CENC handling that +can cause crashes for certain input files. + +## Impact + +It is possible for a malicious third party to trigger a NULL-pointer +dereferences that can result in a crash of the application. + +## Solution + +The gst-plugins-good 1.24.10 release addresses the issue. People using older +branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-47544](https://www.cve.org/CVERecord?id=CVE-2024-47544) + +### GStreamer releases + +#### 1.24 (current stable) + +- [GStreamer 1.24.10 release notes](/releases/1.24/#1.24.10) +- [GStreamer Plugins Good 1.24.10](/src/gst-plugins-good/gst-plugins-good-1.24.10.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch) diff --git a/src/htdocs/security/sa-2024-0012.md b/src/htdocs/security/sa-2024-0012.md new file mode 100644 index 00000000..d3e1e956 --- /dev/null +++ b/src/htdocs/security/sa-2024-0012.md 
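Review bot: In the Impact section of sa-2024-0011.md, "trigger a NULL-pointer dereferences" pairs a singular article with a plural noun. The Summary and Details both describe multiple dereferences, so drop the article: "trigger NULL-pointer dereferences that can result in a crash of the application", which is also the wording sa-2024-0016.md uses.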
@@ -0,0 +1,48 @@ +# Security Advisory 2024-0012 (GHSL-2024-245, CVE-2024-47597) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Out-of-bounds reads in MP4/MOV demuxer sample table parser | +| Date | 2024-12-03 20:00 | +| Affected Versions | GStreamer gst-plugins-good < 1.24.10 | +| IDs | GStreamer-SA-2024-0012<br/>GHSL-2024-245<br/>CVE-2024-47597 | + +</div> + +## Details + +Multiple out-of-bounds reads in the MP4/MOV demuxer's sample table parsing and +lack of error checking that can cause crashes for certain input files. + +## Impact + +It is possible for a malicious third party to trigger out-of-bounds reads that +can result in a crash of the application. + +## Solution + +The gst-plugins-good 1.24.10 release addresses the issue. People using older +branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-47597](https://www.cve.org/CVERecord?id=CVE-2024-47597) + +### GStreamer releases + +#### 1.24 (current stable) + +- [GStreamer 1.24.10 release notes](/releases/1.24/#1.24.10) +- [GStreamer Plugins Good 1.24.10](/src/gst-plugins-good/gst-plugins-good-1.24.10.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch) diff --git a/src/htdocs/security/sa-2024-0013.md b/src/htdocs/security/sa-2024-0013.md new file mode 100644 index 00000000..7baf066c --- /dev/null +++ b/src/htdocs/security/sa-2024-0013.md 
@@ -0,0 +1,48 @@ +# Security Advisory 2024-0013 (GHSL-2024-243, CVE-2024-47546) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Integer underflow in MP4/MOV demuxer that can lead to out-of-bounds reads | +| Date | 2024-12-03 20:00 | +| Affected Versions | GStreamer gst-plugins-good < 1.24.10 | +| IDs | GStreamer-SA-2024-0013<br/>GHSL-2024-243<br/>CVE-2024-47546 | + +</div> + +## Details + +Integer underflow in the MP4/MOV demuxer that can lead to out-of-bounds reads +and that can cause crashes for certain input files. + +## Impact + +It is possible for a malicious third party to trigger out-of-bounds reads that +can result in a crash of the application. + +## Solution + +The gst-plugins-good 1.24.10 release addresses the issue. People using older +branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-47546](https://www.cve.org/CVERecord?id=CVE-2024-47546) + +### GStreamer releases + +#### 1.24 (current stable) + +- [GStreamer 1.24.10 release notes](/releases/1.24/#1.24.10) +- [GStreamer Plugins Good 1.24.10](/src/gst-plugins-good/gst-plugins-good-1.24.10.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch) diff --git a/src/htdocs/security/sa-2024-0014.md b/src/htdocs/security/sa-2024-0014.md new file mode 100644 index 00000000..278f200b --- /dev/null +++ b/src/htdocs/security/sa-2024-0014.md 
@@ -0,0 +1,52 @@ +# Security Advisory 2024-0014 (GHSL-2024-166, CVE-2024-47606) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes | +| Date | 2024-12-03 20:00 | +| Affected Versions | GStreamer core, gst-plugins-good < 1.24.10 | +| IDs | GStreamer-SA-2024-0014<br/>GHSL-2024-166<br/>CVE-2024-47606 | + +</div> + +## Details + +Integer overflow in the MP4/MOV demuxer and memory allocator that can lead to +out-of-bounds writes and that can cause crashes for certain input files. + +## Impact + +It is possible for a malicious third party to trigger out-of-bounds writes that +can result in a crash of the application, or potentially possibly also allow +code execution through heap manipulation. + +## Solution + +The GStreamer core and gst-plugins-good 1.24.10 release addresses the issue. +People using older branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-47606](https://www.cve.org/CVERecord?id=CVE-2024-47606) + +### GStreamer releases + +#### 1.24 (current stable) + +- [GStreamer 1.24.10 release notes](/releases/1.24/#1.24.10) +- [GStreamer core 1.24.10](/src/gstreamer/gstreamer-1.24.10.tar.xz) +- [GStreamer plugins good 1.24.10](/src/gst-plugins-good/gst-plugins-good-1.24.10.tar.xz) + +### Patches + +- [Patch (GStreamer core)](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f1cdc6f24340f6cce4cc7020628002f5c70dd6c7.patch) +- [Patch (GStreamer plugins good)](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f8e398c46fc074f266edb3f20479c0ca31b52448.patch) +- [Patch (combined)](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch) 
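Review bot: The Impact paragraph of sa-2024-0014.md says "or potentially possibly also allow code execution through heap manipulation"; "potentially possibly" is a doubled hedge and one of the two words should go. In the same file, the Affected Versions cell "GStreamer core, gst-plugins-good < 1.24.10" leaves it unclear whether the version bound also applies to core. The Solution text says both components are fixed in 1.24.10, so spell it out as "GStreamer core < 1.24.10, gst-plugins-good < 1.24.10". Two smaller consistency points: the Summary says "Integer overflows" while Details says "Integer overflow", and the release link text "GStreamer plugins good 1.24.10" is lower-cased here but written "GStreamer Plugins Good 1.24.10" in the other advisories.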
diff --git a/src/htdocs/security/sa-2024-0015.md b/src/htdocs/security/sa-2024-0015.md new file mode 100644 index 00000000..98229f47 --- /dev/null +++ b/src/htdocs/security/sa-2024-0015.md @@ -0,0 +1,49 @@ +# Security Advisory 2024-0015 (GHSL-2024-244, CVE-2024-47596) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Integer underflow in MP4/MOV demuxer that can lead to out-of-bounds reads | +| Date | 2024-12-03 20:00 | +| Affected Versions | GStreamer gst-plugins-good < 1.24.10 | +| IDs | GStreamer-SA-2024-0015<br/>GHSL-2024-244<br/>CVE-2024-47596 | + +</div> + +## Details + +Integer underflow due to missing size checks in the MP4/MOV demuxer that can +lead to out-of-bounds reads and that can cause crashes for certain input +files. + +## Impact + +It is possible for a malicious third party to trigger out-of-bounds reads that +can result in a crash of the application. + +## Solution + +The gst-plugins-good 1.24.10 release addresses the issue. People using older +branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-47596](https://www.cve.org/CVERecord?id=CVE-2024-47596) + +### GStreamer releases + +#### 1.24 (current stable) + +- [GStreamer 1.24.10 release notes](/releases/1.24/#1.24.10) +- [GStreamer Plugins Good 1.24.10](/src/gst-plugins-good/gst-plugins-good-1.24.10.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch) diff --git a/src/htdocs/security/sa-2024-0016.md b/src/htdocs/security/sa-2024-0016.md new file mode 100644 index 00000000..be30ab87 --- /dev/null +++ b/src/htdocs/security/sa-2024-0016.md 
@@ -0,0 +1,48 @@ +# Security Advisory 2024-0016 (GHSL-2024-247, CVE-2024-47599) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences | +| Date | 2024-12-03 20:00 | +| Affected Versions | GStreamer gst-plugins-good < 1.24.10 | +| IDs | GStreamer-SA-2024-0016<br/>GHSL-2024-247<br/>CVE-2024-47599 | + +</div> + +## Details + +Insufficient error handling in the JPEG decoder that can lead to NULL-pointer +dereferences, and that can cause crashes for certain input files. + +## Impact + +It is possible for a malicious third party to trigger NULL-pointer +dereferences that can result in a crash of the application. + +## Solution + +The gst-plugins-good 1.24.10 release addresses the issue. People using older +branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-47599](https://www.cve.org/CVERecord?id=CVE-2024-47599) + +### GStreamer releases + +#### 1.24 (current stable) + +- [GStreamer 1.24.10 release notes](/releases/1.24/#1.24.10) +- [GStreamer Plugins Good 1.24.10](/src/gst-plugins-good/gst-plugins-good-1.24.10.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8040.patch) diff --git a/src/htdocs/security/sa-2024-0017.md b/src/htdocs/security/sa-2024-0017.md new file mode 100644 index 00000000..0e06cba5 --- /dev/null +++ b/src/htdocs/security/sa-2024-0017.md 
@@ -0,0 +1,49 @@ +# Security Advisory 2024-0017 (GHSL-2024-197, CVE-2024-47540) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Usage of uninitialized stack memory in Matroska/WebM demuxer | +| Date | 2024-12-03 20:00 | +| Affected Versions | GStreamer gst-plugins-good < 1.24.10 | +| IDs | GStreamer-SA-2024-0017<br/>GHSL-2024-197<br/>CVE-2024-47540 | + +</div> + +## Details + +Usage of uninitialized stack memory in Matroska/WebM demuxer that can result +in calls to uninitialized functions pointers and crashes. + +## Impact + +It is possible for a malicious third party to trigger usage of uninitialized +stack memory that can result in a crash of the application, or potentially +possibly also allows code execution through stack manipulation. + +## Solution + +The gst-plugins-good 1.24.10 release addresses the issue. People using older +branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-47540](https://www.cve.org/CVERecord?id=CVE-2024-47540) + +### GStreamer releases + +#### 1.24 (current stable) + +- [GStreamer 1.24.10 release notes](/releases/1.24/#1.24.10) +- [GStreamer Plugins Good 1.24.10](/src/gst-plugins-good/gst-plugins-good-1.24.10.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch) diff --git a/src/htdocs/security/sa-2024-0018.md b/src/htdocs/security/sa-2024-0018.md new file mode 100644 index 00000000..99eb19e1 --- /dev/null +++ b/src/htdocs/security/sa-2024-0018.md 
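Review bot: In the Details of sa-2024-0017.md, "calls to uninitialized functions pointers" should read "function pointers". In the Impact sentence, "or potentially possibly also allows code execution through stack manipulation" has a doubled hedge, and "allows" does not agree with the preceding "can result in"; suggest "or potentially also allow code execution through stack manipulation", matching the phrasing in sa-2024-0014.md once its own hedge is fixed.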
@@ -0,0 +1,51 @@ +# Security Advisory 2024-0018 (GHSL-2024-248, CVE-2024-47600) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Out-of-bounds read in gst-discoverer-1.0 commandline tool | +| Date | 2024-12-03 20:00 | +| Affected Versions | GStreamer gst-plugins-base < 1.24.10 | +| IDs | GStreamer-SA-2024-0018<br/>GHSL-2024-248<br/>CVE-2024-47600 | + +</div> + +## Details + +Out-of-bounds reads in the gst-discoverer-1.0 commandline tool that can cause +crashes for certain input files. + +## Impact + +It is possible for a malicious third party to trigger out-of-bounds reads that +can result in a crash of the application. + +This only affects the gst-discoverer-1.0 commandline tool and not any other +applications using GStreamer. + +## Solution + +The gst-plugins-base 1.24.10 release addresses the issue. People using older +branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-47600](https://www.cve.org/CVERecord?id=CVE-2024-47600) + +### GStreamer releases + +#### 1.24 (current stable) + +- [GStreamer 1.24.10 release notes](/releases/1.24/#1.24.10) +- [GStreamer Plugins Base 1.24.10](/src/gst-plugins-base/gst-plugins-base-1.24.10.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034.patch) diff --git a/src/htdocs/security/sa-2024-0019.md b/src/htdocs/security/sa-2024-0019.md new file mode 100644 index 00000000..d5238e3f --- /dev/null +++ b/src/htdocs/security/sa-2024-0019.md 
@@ -0,0 +1,48 @@ +# Security Advisory 2024-0019 (GHSL-2024-250, CVE-2024-47602) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer | +| Date | 2024-12-03 20:00 | +| Affected Versions | GStreamer gst-plugins-good < 1.24.10 | +| IDs | GStreamer-SA-2024-0019<br/>GHSL-2024-250<br/>CVE-2024-47602 | + +</div> + +## Details + +NULL-pointer dereferences and out-of-bounds reads in the Matroska/WebM demuxer that can cause +crashes for certain input files. + +## Impact + +It is possible for a malicious third party to trigger NULL-pointer dereferences and out-of-bounds +reads that can result in a crash of the application. + +## Solution + +The gst-plugins-good 1.24.10 release addresses the issue. People using older +branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-47602](https://www.cve.org/CVERecord?id=CVE-2024-47602) + +### GStreamer releases + +#### 1.24 (current stable) + +- [GStreamer 1.24.10 release notes](/releases/1.24/#1.24.10) +- [GStreamer Plugins Good 1.24.10](/src/gst-plugins-good/gst-plugins-good-1.24.10.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch) diff --git a/src/htdocs/security/sa-2024-0020.md b/src/htdocs/security/sa-2024-0020.md new file mode 100644 index 00000000..5c4bd6d3 --- /dev/null +++ b/src/htdocs/security/sa-2024-0020.md 
@@ -0,0 +1,48 @@ +# Security Advisory 2024-0020 (GHSL-2024-249, CVE-2024-47601) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | NULL-pointer dereference in Matroska/WebM demuxer | +| Date | 2024-12-03 20:00 | +| Affected Versions | GStreamer gst-plugins-good < 1.24.10 | +| IDs | GStreamer-SA-2024-0020<br/>GHSL-2024-249<br/>CVE-2024-47601 | + +</div> + +## Details + +NULL-pointer dereference in the Matroska/WebM demuxer that can cause crashes +for certain input files. + +## Impact + +It is possible for a malicious third party to trigger NULL-pointer +dereferences that can result in a crash of the application. + +## Solution + +The gst-plugins-good 1.24.10 release addresses the issue. People using older +branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-47601](https://www.cve.org/CVERecord?id=CVE-2024-47601) + +### GStreamer releases + +#### 1.24 (current stable) + +- [GStreamer 1.24.10 release notes](/releases/1.24/#1.24.10) +- [GStreamer Plugins Good 1.24.10](/src/gst-plugins-good/gst-plugins-good-1.24.10.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch) diff --git a/src/htdocs/security/sa-2024-0021.md b/src/htdocs/security/sa-2024-0021.md new file mode 100644 index 00000000..127879a8 --- /dev/null +++ b/src/htdocs/security/sa-2024-0021.md 
@@ -0,0 +1,48 @@ +# Security Advisory 2024-0021 (GHSL-2024-251, CVE-2024-47603) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | NULL-pointer dereference in Matroska/WebM demuxer | +| Date | 2024-12-03 20:00 | +| Affected Versions | GStreamer gst-plugins-good < 1.24.10 | +| IDs | GStreamer-SA-2024-0021<br/>GHSL-2024-251<br/>CVE-2024-47603 | + +</div> + +## Details + +NULL-pointer dereference in the Matroska/WebM demuxer that can cause crashes +for certain input files. + +## Impact + +It is possible for a malicious third party to trigger NULL-pointer +dereferences that can result in a crash of the application. + +## Solution + +The gst-plugins-good 1.24.10 release addresses the issue. People using older +branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-47603](https://www.cve.org/CVERecord?id=CVE-2024-47603) + +### GStreamer releases + +#### 1.24 (current stable) + +- [GStreamer 1.24.10 release notes](/releases/1.24/#1.24.10) +- [GStreamer Plugins Good 1.24.10](/src/gst-plugins-good/gst-plugins-good-1.24.10.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch) diff --git a/src/htdocs/security/sa-2024-0022.md b/src/htdocs/security/sa-2024-0022.md new file mode 100644 index 00000000..bd165d09 --- /dev/null +++ b/src/htdocs/security/sa-2024-0022.md 
@@ -0,0 +1,48 @@ +# Security Advisory 2024-0022 (GHSL-2024-115, CVE-2024-47538) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Stack buffer-overflow in Vorbis decoder | +| Date | 2024-12-03 20:00 | +| Affected Versions | GStreamer gst-plugins-base < 1.24.10 | +| IDs | GStreamer-SA-2024-0022<br/>GHSL-2024-115<br/>CVE-2024-47538 | + +</div> + +## Details + +Stack buffer-overflow in Vorbis decoder that can cause crashes +for certain input files. + +## Impact + +It is possible for a malicious third party to trigger stack buffer-overflows that +can result in a crash of the application. + +## Solution + +The gst-plugins-base 1.24.10 release addresses the issue. People using older +branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-47538](https://www.cve.org/CVERecord?id=CVE-2024-47538) + +### GStreamer releases + +#### 1.24 (current stable) + +- [GStreamer 1.24.10 release notes](/releases/1.24/#1.24.10) +- [GStreamer Plugins Base 1.24.10](/src/gst-plugins-base/gst-plugins-base-1.24.10.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8035.patch) diff --git a/src/htdocs/security/sa-2024-0023.md b/src/htdocs/security/sa-2024-0023.md new file mode 100644 index 00000000..96e6a0bb --- /dev/null +++ b/src/htdocs/security/sa-2024-0023.md 
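Review bot: The Impact section of sa-2024-0022.md lists only a crash for a stack buffer-overflow, while sa-2024-0014.md and sa-2024-0026.md, which also describe writes past the end of a buffer, add that code execution may be possible. If the crash-only assessment is deliberate, a sentence saying why would help readers triaging the advisory; otherwise align the wording. The same question applies to the Opus advisory sa-2024-0024.md, which uses identical Impact text.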
@@ -0,0 +1,48 @@ +# Security Advisory 2024-0023 (GHSL-2024-228, CVE-2024-47541) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Out-of-bounds write in SSA subtitle parser | +| Date | 2024-12-03 20:00 | +| Affected Versions | GStreamer gst-plugins-base < 1.24.10 | +| IDs | GStreamer-SA-2024-0023<br/>GHSL-2024-228<br/>CVE-2024-47541 | + +</div> + +## Details + +Out-of-bounds write in SSA subtitle parser that can cause crashes +for certain input files. + +## Impact + +It is possible for a malicious third party to trigger an out-of-bounds write that +can result in a crash of the application. + +## Solution + +The gst-plugins-base 1.24.10 release addresses the issue. People using older +branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-47541](https://www.cve.org/CVERecord?id=CVE-2024-47541) + +### GStreamer releases + +#### 1.24 (current stable) + +- [GStreamer 1.24.10 release notes](/releases/1.24/#1.24.10) +- [GStreamer Plugins Base 1.24.10](/src/gst-plugins-base/gst-plugins-base-1.24.10.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8036.patch) diff --git a/src/htdocs/security/sa-2024-0024.md b/src/htdocs/security/sa-2024-0024.md new file mode 100644 index 00000000..422f41d0 --- /dev/null +++ b/src/htdocs/security/sa-2024-0024.md 
@@ -0,0 +1,48 @@ +# Security Advisory 2024-0024 (GHSL-2024-116, CVE-2024-47607) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Stack buffer-overflow in Opus decoder | +| Date | 2024-12-03 20:00 | +| Affected Versions | GStreamer gst-plugins-base < 1.24.10 | +| IDs | GStreamer-SA-2024-0024<br/>GHSL-2024-116<br/>CVE-2024-47607 | + +</div> + +## Details + +Stack buffer-overflow in Opus decoder that can cause crashes +for certain input files. + +## Impact + +It is possible for a malicious third party to trigger stack buffer-overflows that +can result in a crash of the application. + +## Solution + +The gst-plugins-base 1.24.10 release addresses the issue. People using older +branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-47607](https://www.cve.org/CVERecord?id=CVE-2024-47607) + +### GStreamer releases + +#### 1.24 (current stable) + +- [GStreamer 1.24.10 release notes](/releases/1.24/#1.24.10) +- [GStreamer Plugins Base 1.24.10](/src/gst-plugins-base/gst-plugins-base-1.24.10.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037.patch) diff --git a/src/htdocs/security/sa-2024-0025.md b/src/htdocs/security/sa-2024-0025.md new file mode 100644 index 00000000..00a2c440 --- /dev/null +++ b/src/htdocs/security/sa-2024-0025.md 
@@ -0,0 +1,48 @@ +# Security Advisory 2024-0025 (GHSL-2024-118, CVE-2024-47613) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | NULL-pointer dereference in gdk-pixbuf decoder | +| Date | 2024-12-03 20:00 | +| Affected Versions | GStreamer gst-plugins-good < 1.24.10 | +| IDs | GStreamer-SA-2024-0025<br/>GHSL-2024-118<br/>CVE-2024-47613 | + +</div> + +## Details + +A NULL-pointer dereference in the gdk-pixbuf decoder that can cause crashes for +certain input files. + +## Impact + +It is possible for a malicious third party to trigger a NULL-pointer dereference +that can result in a crash of the application. + +## Solution + +The gst-plugins-good 1.24.10 release addresses the issue. People using older +branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-47613](https://www.cve.org/CVERecord?id=CVE-2024-47613) + +### GStreamer releases + +#### 1.24 (current stable) + +- [GStreamer 1.24.10 release notes](/releases/1.24/#1.24.10) +- [GStreamer Plugins Good 1.24.10](/src/gst-plugins-good/gst-plugins-good-1.24.10.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch) diff --git a/src/htdocs/security/sa-2024-0026.md b/src/htdocs/security/sa-2024-0026.md new file mode 100644 index 00000000..4e214a37 --- /dev/null +++ b/src/htdocs/security/sa-2024-0026.md 
@@ -0,0 +1,48 @@ +# Security Advisory 2024-0026 (GHSL-2024-117, CVE-2024-47615) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Out-of-bounds write in Ogg demuxer | +| Date | 2024-12-03 20:00 | +| Affected Versions | GStreamer gst-plugins-base < 1.24.10 | +| IDs | GStreamer-SA-2024-0026<br/>GHSL-2024-117<br/>CVE-2024-47615 | + +</div> + +## Details + +An out-of-bounds write in the Ogg demuxer that can cause crashes for certain input files. + +## Impact + +It is possible for a malicious third party to trigger out-of-bounds writes that +can result in a crash of the application, or potentially possibly also allow +code execution through heap manipulation. + +## Solution + +The gst-plugins-base 1.24.10 release addresses the issue. People using older +branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-47615](https://www.cve.org/CVERecord?id=CVE-2024-47615) + +### GStreamer releases + +#### 1.24 (current stable) + +- [GStreamer 1.24.10 release notes](/releases/1.24/#1.24.10) +- [GStreamer Plugins Base 1.24.10](/src/gst-plugins-base/gst-plugins-base-1.24.10.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038.patch) diff --git a/src/htdocs/security/sa-2024-0027.md b/src/htdocs/security/sa-2024-0027.md new file mode 100644 index 00000000..64230b44 --- /dev/null +++ b/src/htdocs/security/sa-2024-0027.md 
@@ -0,0 +1,51 @@ +# Security Advisory 2024-0027 (GHSL-2024-261, GHSL-2024-260, GHSL-2024-259, GHSL-2024-258, CVE-2024-47778, CVE-2024-47777, CVE-2024-47776, CVE-2024-47775) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Various out-of-bounds reads in WAV parser | +| Date | 2024-12-03 20:00 | +| Affected Versions | GStreamer gst-plugins-good < 1.24.10 | +| IDs | GStreamer-SA-2024-0027<br/>GHSL-2024-261, GHSL-2024-260, GHSL-2024-259, GHSL-2024-258<br/>CVE-2024-47778, CVE-2024-47777, CVE-2024-47776, CVE-2024-47775 | + +</div> + +## Details + +Various out-of-bounds reads in the WAV parser that can cause crashes for +certain input files. + +## Impact + +It is possible for a malicious third party to trigger out-of-bounds reads +that can result in a crash of the application. + +## Solution + +The gst-plugins-good 1.24.10 release addresses the issue. People using older +branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-47778](https://www.cve.org/CVERecord?id=CVE-2024-47778) +- [CVE-2024-47777](https://www.cve.org/CVERecord?id=CVE-2024-47777) +- [CVE-2024-47776](https://www.cve.org/CVERecord?id=CVE-2024-47776) +- [CVE-2024-47775](https://www.cve.org/CVERecord?id=CVE-2024-47775) + +### GStreamer releases + +#### 1.24 (current stable) + +- [GStreamer 1.24.10 release notes](/releases/1.24/#1.24.10) +- [GStreamer Plugins Good 1.24.10](/src/gst-plugins-good/gst-plugins-good-1.24.10.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch) diff --git a/src/htdocs/security/sa-2024-0028.md b/src/htdocs/security/sa-2024-0028.md new file mode 100644 index 00000000..fa38a47c --- /dev/null +++ b/src/htdocs/security/sa-2024-0028.md 
@@ -0,0 +1,48 @@ +# Security Advisory 2024-0028 (GHSL-2024-262, CVE-2024-47774) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Integer overflow in AVI subtitle parser that leads to out-of-bounds reads | +| Date | 2024-12-03 20:00 | +| Affected Versions | GStreamer gst-plugins-good < 1.24.10 | +| IDs | GStreamer-SA-2024-0028<br/>GHSL-2024-262<br/>CVE-2024-47774 | + +</div> + +## Details + +An integer overflow in the AVI subtitle parser that can lead to out-of-bounds +reads and can cause crashes for certain input files. + +## Impact + +It is possible for a malicious third party to trigger out-of-bounds reads that +can result in a crash of the application. + +## Solution + +The gst-plugins-good 1.24.10 release addresses the issue. People using older +branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-47774](https://www.cve.org/CVERecord?id=CVE-2024-47774) + +### GStreamer releases + +#### 1.24 (current stable) + +- [GStreamer 1.24.10 release notes](/releases/1.24/#1.24.10) +- [GStreamer Plugins Good 1.24.10](/src/gst-plugins-good/gst-plugins-good-1.24.10.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8043.patch) diff --git a/src/htdocs/security/sa-2024-0029.md b/src/htdocs/security/sa-2024-0029.md new file mode 100644 index 00000000..050b470e --- /dev/null +++ b/src/htdocs/security/sa-2024-0029.md 
@@ -0,0 +1,48 @@ +# Security Advisory 2024-0029 (GHSL-2024-263, CVE-2024-47835) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | NULL-pointer dereference in LRC subtitle parser | +| Date | 2024-12-03 20:00 | +| Affected Versions | GStreamer gst-plugins-base < 1.24.10 | +| IDs | GStreamer-SA-2024-0029<br/>GHSL-2024-263<br/>CVE-2024-47835 | + +</div> + +## Details + +NULL-pointer dereference in LRC subtitle parser that can cause crashes for +certain input files. + +## Impact + +It is possible for a malicious third party to trigger NULL-pointer +dereferences that can result in a crash of the application. + +## Solution + +The gst-plugins-base 1.24.10 release addresses the issue. People using older +branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-47835](https://www.cve.org/CVERecord?id=CVE-2024-47835) + +### GStreamer releases + +#### 1.24 (current stable) + +- [GStreamer 1.24.10 release notes](/releases/1.24/#1.24.10) +- [GStreamer Plugins Base 1.24.10](/src/gst-plugins-base/gst-plugins-base-1.24.10.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8039.patch) diff --git a/src/htdocs/security/sa-2024-0030.md b/src/htdocs/security/sa-2024-0030.md new file mode 100644 index 00000000..68c69788 --- /dev/null +++ b/src/htdocs/security/sa-2024-0030.md 
@@ -0,0 +1,48 @@ +# Security Advisory 2024-0030 (GHSL-2024-280, CVE-2024-47834) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Use-after-free in Matroska demuxer | +| Date | 2024-12-03 20:00 | +| Affected Versions | GStreamer gst-plugins-good < 1.24.10 | +| IDs | GStreamer-SA-2024-0030<br/>GHSL-2024-280<br/>CVE-2024-47834 | + +</div> + +## Details + +A use-after-free in the Matroska demuxer that can cause crashes for certain +input files. + +## Impact + +It is possible for a malicious third party to trigger a use-after-free that +can result in a crash of the application. + +## Solution + +The gst-plugins-good 1.24.10 release addresses the issue. People using older +branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-47834](https://www.cve.org/CVERecord?id=CVE-2024-47834) + +### GStreamer releases + +#### 1.24 (current stable) + +- [GStreamer 1.24.10 release notes](/releases/1.24/#1.24.10) +- [GStreamer Plugins Good 1.24.10](/src/gst-plugins-good/gst-plugins-good-1.24.10.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch) diff --git a/src/htdocs/security/security.md b/src/htdocs/security/security.md index b302fc69..15ba5939 100644 --- a/src/htdocs/security/security.md +++ b/src/htdocs/security/security.md 
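Review bot: The Date row in sa-2024-0030.md is "2024-12-03 20:00", but the index row added to security.md for GStreamer-SA-2024-0030 gives "2024-12-03 23:30", and the other advisory files and index rows visible in this change show the same 20:00 versus 23:30 split. Pick one timestamp and use it in both places. Also, the Summary here says "Matroska demuxer" where the other advisories that reference merge request 8057 say "Matroska/WebM demuxer"; use one name throughout so the index reads consistently.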
@@ -13,6 +13,32 @@ The GStreamer project encourages [responsible disclosure](https://en.wikipedia.o | ID | Summary | Date | | | --- | ------- | :----: | --- | +| **GStreamer-SA-2024-0030**<br/>GHSL-2024-280<br/>CVE-2024-47834 | Use-after-free in Matroska demuxer | 2024-12-03 23:30 | [Details](sa-2024-0030.html) | +| **GStreamer-SA-2024-0029**<br/>GHSL-2024-263<br/>CVE-2024-47835 | NULL-pointer dereference in LRC subtitle parser | 2024-12-03 23:30 | [Details](sa-2024-0029.html) | +| **GStreamer-SA-2024-0028**<br/>GHSL-2024-262<br/>CVE-2024-47774 | Integer overflow in AVI subtitle parser that leads to out-of-bounds reads | 2024-12-03 23:30 | [Details](sa-2024-0028.html) | +| **GStreamer-SA-2024-0027**<br/>GHSL-2024-261, GHSL-2024-260, GHSL-2024-259, GHSL-2024-258<br/>CVE-2024-47778, CVE-2024-47777, CVE-2024-47776, CVE-2024-47775 | Various out-of-bounds reads in WAV parser | 2024-12-03 23:30 | [Details](sa-2024-0027.html) | +| **GStreamer-SA-2024-0026**<br/>GHSL-2024-117<br/>CVE-2024-47615 | Out-of-bounds write in Ogg demuxer | 2024-12-03 23:30 | [Details](sa-2024-0026.html) | +| **GStreamer-SA-2024-0025**<br/>GHSL-2024-118<br/>CVE-2024-47613 | NULL-pointer dereference in gdk-pixbuf decoder | 2024-12-03 23:30 | [Details](sa-2024-0025.html) | +| **GStreamer-SA-2024-0024**<br/>GHSL-2024-116<br/>CVE-2024-47607 | Stack buffer-overflow in Opus decoder | 2024-12-03 23:30 | [Details](sa-2024-0024.html) | +| **GStreamer-SA-2024-0023**<br/>GHSL-2024-228<br/>CVE-2024-47541 | Out-of-bounds write in SSA subtitle parser | 2024-12-03 23:30 | [Details](sa-2024-0023.html) | +| **GStreamer-SA-2024-0022**<br/>GHSL-2024-115<br/>CVE-2024-47538 | Stack buffer-overflow in Vorbis decoder | 2024-12-03 23:30 | [Details](sa-2024-0022.html) | +| **GStreamer-SA-2024-0021**<br/>GHSL-2024-251<br/>CVE-2024-47603 | NULL-pointer dereference in Matroska/WebM demuxer | 2024-12-03 23:30 | [Details](sa-2024-0021.html) | +| **GStreamer-SA-2024-0020**<br/>GHSL-2024-249<br/>CVE-2024-47601 | NULL-pointer 
dereference in Matroska/WebM demuxer | 2024-12-03 23:30 | [Details](sa-2024-0020.html) | +| **GStreamer-SA-2024-0019**<br/>GHSL-2024-250<br/>CVE-2024-47602 | NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer | 2024-12-03 23:30 | [Details](sa-2024-0019.html) | +| **GStreamer-SA-2024-0018**<br/>GHSL-2024-248<br/>CVE-2024-47600 | Out-of-bounds read in gst-discoverer-1.0 commandline tool | 2024-12-03 23:30 | [Details](sa-2024-0018.html) | +| **GStreamer-SA-2024-0017**<br/>GHSL-2024-197<br/>CVE-2024-47540 | Usage of uninitialized stack memory in Matroska/WebM demuxer | 2024-12-03 23:30 | [Details](sa-2024-0017.html) | +| **GStreamer-SA-2024-0016**<br/>GHSL-2024-247<br/>CVE-2024-47599 | Insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences | 2024-12-03 23:30 | [Details](sa-2024-0016.html) | +| **GStreamer-SA-2024-0015**<br/>GHSL-2024-244<br/>CVE-2024-47596 | Integer underflow in MP4/MOV demuxer that can lead to out-of-bounds reads | 2024-12-03 23:30 | [Details](sa-2024-0015.html) | +| **GStreamer-SA-2024-0014**<br/>GHSL-2024-166<br/>CVE-2024-47606 | Integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes | 2024-12-03 23:30 | [Details](sa-2024-0014.html) | +| **GStreamer-SA-2024-0013**<br/>GHSL-2024-243<br/>CVE-2024-47546 | Integer underflow in MP4/MOV demuxer that can lead to out-of-bounds reads | 2024-12-03 23:30 | [Details](sa-2024-0013.html) | +| **GStreamer-SA-2024-0012**<br/>GHSL-2024-245<br/>CVE-2024-47597 | Out-of-bounds reads in MP4/MOV demuxer sample table parser | 2024-12-03 23:30 | [Details](sa-2024-0012.html) | +| **GStreamer-SA-2024-0011**<br/>GHSL-2024-238, GHSL-2024-239, GHSL-2024-240<br/>CVE-2024-47544 | NULL-pointer dereferences in MP4/MOV demuxer CENC handling | 2024-12-03 23:30 | [Details](sa-2024-0011.html) | +| **GStreamer-SA-2024-0010**<br/>GHSL-2024-242<br/>CVE-2024-47545 | Integer overflow in MP4/MOV demuxer that can result in out-of-bounds read | 
2024-12-03 23:30 | [Details](sa-2024-0010.html) | +| **GStreamer-SA-2024-0009**<br/>GHSL-2024-236<br/>CVE-2024-47543 | MP4/MOV demuxer out-of-bounds read | 2024-12-03 23:30 | [Details](sa-2024-0009.html) | +| **GStreamer-SA-2024-0008**<br/>GHSL-2024-235<br/>CVE-2024-47542 | ID3v2 parser out-of-bounds read and NULL-pointer dereference | 2024-12-03 23:30 | [Details](sa-2024-0008.html) | +| **GStreamer-SA-2024-0007**<br/>GHSL-2024-195<br/>CVE-2024-47539 | MP4/MOV Closed Caption handling out-of-bounds write | 2024-12-03 23:30 | [Details](sa-2024-0007.html) | +| **GStreamer-SA-2024-0006**<br/>GHSL-2024-246<br/>CVE-2024-47598 | MP4/MOV sample table parser out-of-bounds read | 2024-12-03 23:30 | [Details](sa-2024-0006.html) | +| **GStreamer-SA-2024-0005**<br/>GHSL-2024-094, GHSL-2024-237, GHSL-2024-241<br/>CVE-2024-47537 | Integer overflow in MP4/MOV sample table parser leading to out-of-bounds writes | 2024-12-03 23:30 | [Details](sa-2024-0005.html) | | **GStreamer-SA-2024-0004**<br/>CVE-2024-44331 | RTSP server: Potential Denial-of-Service (DoS) with specially crafted client requests | 2024-10-29 18:00 | [Details](sa-2024-0004.html) | | **GStreamer-SA-2024-0003**<br/>JVN#02030803 / JPCERT#92912620<br/>CVE-2024-40897 | Orc compiler stack-based buffer overflow | 2024-07-19 12:30 | [Details](sa-2024-0003.html) | | **GStreamer-SA-2024-0002**<br/>ZDI-CAN-23896<br/>CVE-2024-4453 | Integer overflow in EXIF metadata parser leading to potential heap overwrite | 2024-04-29 20:00 | [Details](sa-2024-0002.html) | |
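Review bot: The dates in the new index rows of security.md do not match the advisory pages added in the same patch. The rows for GStreamer-SA-2024-0029 and GStreamer-SA-2024-0030 give `2024-12-03 23:30`, while the `Date` row in sa-2024-0029.md and sa-2024-0030.md gives `2024-12-03 20:00`. Pick one publication time and use it in both places, and check the remaining new rows (0005 through 0028) against their own advisory files so the index and the detail pages agree.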
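Review bot: In sa-2024-0030.md the Impact section limits a use-after-free to "a crash of the application", the same wording sa-2024-0029.md uses for a NULL-pointer dereference. If a crash is the confirmed worst case for the Matroska demuxer issue, say so explicitly; otherwise the paragraph should not rule out memory corruption, since readers triage on it. In both advisory files the Solution tells users of older branches to "apply the patch", but the Patches entry is a bare merge request `.patch` link with no branch named; state which branch the patch was made against so backporters know what to expect.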