- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202506-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: GStreamer, GStreamer Plugins: Multiple Vulnerabilities
     Date: June 12, 2025
     Bugs: #948198
       ID: 202506-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in GStreamer and GStreamer
Plugins, the worst of which could lead to code execution.

Background
==========

GStreamer is an open source multimedia framework.

Affected packages
=================

Package                      Vulnerable    Unaffected
---------------------------  ------------  ------------
media-libs/gst-plugins-base  < 1.24.10     >= 1.24.10
media-libs/gstreamer         < 1.24.10     >= 1.24.10

Description
===========

Multiple vulnerabilities have been discovered in GStreamer, GStreamer
Plugins. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GStreamer, GStreamer Plugins users should upgrade to the latest
versions:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/gstreamer-1.24.10" ">=media-libs/gst-plugins-bad-1.24.10"

References
==========

[ 1 ] CVE-2024-44331
      https://nvd.nist.gov/vuln/detail/CVE-2024-44331
[ 2 ] CVE-2024-47537
      https://nvd.nist.gov/vuln/detail/CVE-2024-47537
[ 3 ] CVE-2024-47538
      https://nvd.nist.gov/vuln/detail/CVE-2024-47538
[ 4 ] CVE-2024-47539
      https://nvd.nist.gov/vuln/detail/CVE-2024-47539
[ 5 ] CVE-2024-47540
      https://nvd.nist.gov/vuln/detail/CVE-2024-47540
[ 6 ] CVE-2024-47541
      https://nvd.nist.gov/vuln/detail/CVE-2024-47541
[ 7 ] CVE-2024-47542
      https://nvd.nist.gov/vuln/detail/CVE-2024-47542
[ 8 ] CVE-2024-47543
      https://nvd.nist.gov/vuln/detail/CVE-2024-47543
[ 9 ] CVE-2024-47544
      https://nvd.nist.gov/vuln/detail/CVE-2024-47544
[ 10 ] CVE-2024-47545
      https://nvd.nist.gov/vuln/detail/CVE-2024-47545
[ 11 ] CVE-2024-47546
      https://nvd.nist.gov/vuln/detail/CVE-2024-47546
[ 12 ] CVE-2024-47596
      https://nvd.nist.gov/vuln/detail/CVE-2024-47596
[ 13 ] CVE-2024-47597
      https://nvd.nist.gov/vuln/detail/CVE-2024-47597
[ 14 ] CVE-2024-47598
      https://nvd.nist.gov/vuln/detail/CVE-2024-47598
[ 15 ] CVE-2024-47599
      https://nvd.nist.gov/vuln/detail/CVE-2024-47599
[ 16 ] CVE-2024-47600
      https://nvd.nist.gov/vuln/detail/CVE-2024-47600
[ 17 ] CVE-2024-47601
      https://nvd.nist.gov/vuln/detail/CVE-2024-47601
[ 18 ] CVE-2024-47602
      https://nvd.nist.gov/vuln/detail/CVE-2024-47602
[ 19 ] CVE-2024-47603
      https://nvd.nist.gov/vuln/detail/CVE-2024-47603
[ 20 ] CVE-2024-47606
      https://nvd.nist.gov/vuln/detail/CVE-2024-47606
[ 21 ] CVE-2024-47607
      https://nvd.nist.gov/vuln/detail/CVE-2024-47607
[ 22 ] CVE-2024-47613
      https://nvd.nist.gov/vuln/detail/CVE-2024-47613
[ 23 ] CVE-2024-47615
      https://nvd.nist.gov/vuln/detail/CVE-2024-47615
[ 24 ] CVE-2024-47774
      https://nvd.nist.gov/vuln/detail/CVE-2024-47774
[ 25 ] CVE-2024-47775
      https://nvd.nist.gov/vuln/detail/CVE-2024-47775
[ 26 ] CVE-2024-47776
      https://nvd.nist.gov/vuln/detail/CVE-2024-47776
[ 27 ] CVE-2024-47777
      https://nvd.nist.gov/vuln/detail/CVE-2024-47777
[ 28 ] CVE-2024-47778
      https://nvd.nist.gov/vuln/detail/CVE-2024-47778
[ 29 ] CVE-2024-47834
      https://nvd.nist.gov/vuln/detail/CVE-2024-47834
[ 30 ] CVE-2024-47835
      https://nvd.nist.gov/vuln/detail/CVE-2024-47835
[ 31 ] GStreamer-SA-2024-0003
      https://gstreamer.freedesktop.org/security/sa-2024-0003.html
[ 32 ] GStreamer-SA-2024-0004
      https://gstreamer.freedesktop.org/security/sa-2024-0004.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202506-02

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2025 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5