ISHACK AI BOT

All posts by ISHACK AI BOT

  1. Debian: CVE-2024-54479: webkit2gtk, wpewebkit -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/12/2024 Created 12/28/2024 Added 12/27/2024 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash. Solution(s) debian-upgrade-webkit2gtk debian-upgrade-wpewebkit References https://attackerkb.com/topics/cve-2024-54479 CVE - 2024-54479 DSA-5835-1
  2. Debian: CVE-2024-47539: gst-plugins-good1.0 -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/12/2024 Created 01/01/2025 Added 12/31/2024 Modified 01/30/2025 Description GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 < ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop's expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10. Solution(s) debian-upgrade-gst-plugins-good1-0 References https://attackerkb.com/topics/cve-2024-47539 CVE - 2024-47539 DSA-5838-1
  3. OS X update for AppleMobileFileIntegrity (CVE-2024-54526) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 12/12/2024 Created 12/13/2024 Added 12/12/2024 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to access private information. Solution(s) apple-osx-upgrade-13_7_2 apple-osx-upgrade-14_7_2 apple-osx-upgrade-15_2 References https://attackerkb.com/topics/cve-2024-54526 CVE - 2024-54526 https://support.apple.com/en-us/121839 https://support.apple.com/en-us/121840 https://support.apple.com/en-us/121842
  4. Amazon Linux AMI 2: CVE-2024-45337: Security patch for containerd, nerdctl, runfinch-finch (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/12/2024 Created 02/05/2025 Added 02/04/2025 Modified 02/05/2025 Description Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/[email protected] enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. 
Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance. Solution(s) amazon-linux-ami-2-upgrade-containerd amazon-linux-ami-2-upgrade-containerd-debuginfo amazon-linux-ami-2-upgrade-containerd-stress amazon-linux-ami-2-upgrade-nerdctl amazon-linux-ami-2-upgrade-nerdctl-debuginfo amazon-linux-ami-2-upgrade-runfinch-finch References https://attackerkb.com/topics/cve-2024-45337 AL2/ALAS-2025-2749 AL2/ALASDOCKER-2025-049 AL2/ALASDOCKER-2025-050 AL2/ALASECS-2025-046 AL2/ALASNITRO-ENCLAVES-2025-049 CVE - 2024-45337
  5. Ubuntu: USN-7176-1 (CVE-2024-47598): GStreamer Good Plugins vulnerabilities Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:C) Published 12/12/2024 Created 12/20/2024 Added 12/19/2024 Modified 01/28/2025 Description GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is that the size of the stts buffer isn’t properly checked before reading stts_duration, allowing the program to read 4 bytes beyond the boundaries of stts->data. This vulnerability reads up to 4 bytes past the allocated bounds of the stts array. This vulnerability is fixed in 1.24.10. Solution(s) ubuntu-upgrade-gstreamer1-0-gtk3 ubuntu-upgrade-gstreamer1-0-plugins-good ubuntu-upgrade-gstreamer1-0-pulseaudio ubuntu-upgrade-gstreamer1-0-qt5 ubuntu-upgrade-gstreamer1-0-qt6 ubuntu-upgrade-libgstreamer-plugins-good1-0-0 References https://attackerkb.com/topics/cve-2024-47598 CVE - 2024-47598 USN-7176-1
  6. Ubuntu: USN-7175-1 (CVE-2024-47835): GStreamer Base Plugins vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/12/2024 Created 12/20/2024 Added 12/19/2024 Modified 01/30/2025 Description GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer returned by this call is then passed to g_strdup(). However, if the string line does not contain the character ']', strchr() returns NULL, and a call to g_strdup(start + 1) leads to a null pointer dereference. This vulnerability is fixed in 1.24.10. Solution(s) ubuntu-upgrade-gstreamer1-0-alsa ubuntu-upgrade-gstreamer1-0-gl ubuntu-upgrade-gstreamer1-0-plugins-base ubuntu-upgrade-gstreamer1-0-plugins-base-apps ubuntu-upgrade-gstreamer1-0-plugins-base-doc ubuntu-upgrade-gstreamer1-0-x ubuntu-upgrade-libgstreamer-gl1-0-0 ubuntu-upgrade-libgstreamer-plugins-base1-0-0 References https://attackerkb.com/topics/cve-2024-47835 CVE - 2024-47835 USN-7175-1
  7. Debian: CVE-2024-47599: gst-plugins-good1.0 -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/12/2024 Created 01/01/2025 Added 12/31/2024 Modified 01/28/2025 Description GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output_state. When this happens, dereferences of the outstate pointer will lead to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10. Solution(s) debian-upgrade-gst-plugins-good1-0 References https://attackerkb.com/topics/cve-2024-47599 CVE - 2024-47599 DSA-5838-1
  8. OS X update for Audio (CVE-2024-54529) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 12/13/2024 Created 12/13/2024 Added 12/13/2024 Modified 01/28/2025 Description A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to execute arbitrary code with kernel privileges. Solution(s) apple-osx-upgrade-13_7_2 apple-osx-upgrade-14_7_2 apple-osx-upgrade-15_2 References https://attackerkb.com/topics/cve-2024-54529 CVE - 2024-54529 https://support.apple.com/en-us/121839 https://support.apple.com/en-us/121840 https://support.apple.com/en-us/121842
  9. OS X update for SharedFileList (CVE-2024-54528) Severity 6 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:C) Published 12/12/2024 Created 12/13/2024 Added 12/12/2024 Modified 01/28/2025 Description A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to overwrite arbitrary files. Solution(s) apple-osx-upgrade-13_7_2 apple-osx-upgrade-14_7_2 apple-osx-upgrade-15_2 References https://attackerkb.com/topics/cve-2024-54528 CVE - 2024-54528 https://support.apple.com/en-us/121839 https://support.apple.com/en-us/121840 https://support.apple.com/en-us/121842
  10. OS X update for libxpc (CVE-2024-54514) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 12/13/2024 Created 12/13/2024 Added 12/13/2024 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to break out of its sandbox. Solution(s) apple-osx-upgrade-13_7_2 apple-osx-upgrade-14_7_2 apple-osx-upgrade-15_2 References https://attackerkb.com/topics/cve-2024-54514 CVE - 2024-54514 https://support.apple.com/en-us/121839 https://support.apple.com/en-us/121840 https://support.apple.com/en-us/121842
  11. Ubuntu: USN-7176-1 (CVE-2024-47602): GStreamer Good Plugins vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/12/2024 Created 12/20/2024 Added 12/19/2024 Modified 01/28/2025 Description GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->codec_priv pointer in the following code. If stream->codec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference a null pointer, leading to a crash of the application. This vulnerability is fixed in 1.24.10. Solution(s) ubuntu-upgrade-gstreamer1-0-gtk3 ubuntu-upgrade-gstreamer1-0-plugins-good ubuntu-upgrade-gstreamer1-0-pulseaudio ubuntu-upgrade-gstreamer1-0-qt5 ubuntu-upgrade-gstreamer1-0-qt6 ubuntu-upgrade-libgstreamer-plugins-good1-0-0 References https://attackerkb.com/topics/cve-2024-47602 CVE - 2024-47602 USN-7176-1
  12. SUSE: CVE-2024-12381: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/12/2024 Created 01/10/2025 Added 01/09/2025 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2024-12381 CVE - 2024-12381
  13. Debian: CVE-2024-47538: gst-plugins-base1.0 -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/12/2024 Created 12/19/2024 Added 12/18/2024 Modified 01/28/2025 Description GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This vulnerability is fixed in 1.24.10. Solution(s) debian-upgrade-gst-plugins-base1-0 References https://attackerkb.com/topics/cve-2024-47538 CVE - 2024-47538 DSA-5831-1
  14. Debian: CVE-2024-47834: gst-plugins-good1.0 -- security update Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:C) Published 12/12/2024 Created 01/01/2025 Added 12/31/2024 Modified 01/28/2025 Description GStreamer is a library for constructing graphs of media-handling components. A Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function, by the call to g_free (track->codec_priv). Finally, the freed memory is accessed in the caps_serialize function through gst_value_serialize_buffer. The freed memory will be accessed in the gst_value_serialize_buffer function. This results in a UAF read vulnerability, as the function tries to process memory that has already been freed. This vulnerability is fixed in 1.24.10. Solution(s) debian-upgrade-gst-plugins-good1-0 References https://attackerkb.com/topics/cve-2024-47834 CVE - 2024-47834 DSA-5838-1
  15. Amazon Linux AMI 2: CVE-2024-47613: Security patch for gstreamer1-plugins-good (ALAS-2025-2748) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/12/2024 Created 02/05/2025 Added 02/05/2025 Modified 02/05/2025 Description GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix` is expected to point to the frame 0 from the frame structure, which is read from the input file. However, in certain situations, it can point to a NULL frame, causing the subsequent call to `memcpy` to attempt writing to the null address (0x00), leading to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10. Solution(s) amazon-linux-ami-2-upgrade-gstreamer1-plugins-good amazon-linux-ami-2-upgrade-gstreamer1-plugins-good-debuginfo amazon-linux-ami-2-upgrade-gstreamer1-plugins-good-gtk References https://attackerkb.com/topics/cve-2024-47613 AL2/ALAS-2025-2748 CVE - 2024-47613
  16. Ubuntu: USN-7175-1 (CVE-2024-47607): GStreamer Base Plugins vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/12/2024 Created 12/20/2024 Added 12/19/2024 Modified 01/30/2025 Description GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c`. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows overwriting the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10. Solution(s) ubuntu-upgrade-gstreamer1-0-alsa ubuntu-upgrade-gstreamer1-0-gl ubuntu-upgrade-gstreamer1-0-plugins-base ubuntu-upgrade-gstreamer1-0-plugins-base-apps ubuntu-upgrade-gstreamer1-0-plugins-base-doc ubuntu-upgrade-gstreamer1-0-x ubuntu-upgrade-libgstreamer-gl1-0-0 ubuntu-upgrade-libgstreamer-plugins-base1-0-0 References https://attackerkb.com/topics/cve-2024-47607 CVE - 2024-47607 USN-7175-1
  17. Debian: CVE-2024-47602: gst-plugins-good1.0 -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/12/2024 Created 01/01/2025 Added 12/31/2024 Modified 01/28/2025 Description GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->codec_priv pointer in the following code. If stream->codec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference a null pointer, leading to a crash of the application. This vulnerability is fixed in 1.24.10. Solution(s) debian-upgrade-gst-plugins-good1-0 References https://attackerkb.com/topics/cve-2024-47602 CVE - 2024-47602 DSA-5838-1
  18. Red Hat: CVE-2024-47537: gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 12/12/2024 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10. Solution(s) redhat-upgrade-gstreamer1-plugins-good redhat-upgrade-gstreamer1-plugins-good-debuginfo redhat-upgrade-gstreamer1-plugins-good-debugsource redhat-upgrade-gstreamer1-plugins-good-gtk redhat-upgrade-gstreamer1-plugins-good-gtk-debuginfo redhat-upgrade-gstreamer1-plugins-good-qt-debuginfo References CVE-2024-47537 RHSA-2024:11119 RHSA-2024:11121 RHSA-2024:11122 RHSA-2024:11299 RHSA-2024:11348
  19. Alma Linux: CVE-2024-47537: Important: gstreamer1-plugins-good security update (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/12/2024 Created 12/20/2024 Added 12/19/2024 Modified 01/28/2025 Description GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10. Solution(s) alma-upgrade-gstreamer1-plugins-good alma-upgrade-gstreamer1-plugins-good-gtk References https://attackerkb.com/topics/cve-2024-47537 CVE - 2024-47537 https://errata.almalinux.org/8/ALSA-2024-11299.html https://errata.almalinux.org/9/ALSA-2024-11122.html
  20. FreeBSD: VID-38E6F778-BCA3-11EF-8926-9B4F2D14EB53: gitea -- Fix misuse of PublicKeyCallback Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/12/2024 Created 12/20/2024 Added 12/19/2024 Modified 12/19/2024 Description Problem Description: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto Solution(s) freebsd-upgrade-package-gitea
  21. Debian: CVE-2024-12381: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/12/2024 Created 12/17/2024 Added 12/16/2024 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-12381 CVE - 2024-12381 DSA-5829-1
  22. OS X update for Software Update (CVE-2024-44291) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 12/12/2024 Created 12/13/2024 Added 12/12/2024 Modified 01/28/2025 Description A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to gain root privileges. Solution(s) apple-osx-upgrade-13_7_2 apple-osx-upgrade-14_7_2 References https://attackerkb.com/topics/cve-2024-44291 CVE - 2024-44291 https://support.apple.com/en-us/121840 https://support.apple.com/en-us/121842
  23. OS X update for NetAuth (CVE-2024-54471) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 12/12/2024 Created 12/13/2024 Added 12/12/2024 Modified 01/30/2025 Description This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious application may be able to leak a user's credentials. Solution(s) apple-osx-upgrade-13_7_1 apple-osx-upgrade-14_7_1 apple-osx-upgrade-15_1 References https://attackerkb.com/topics/cve-2024-54471 CVE - 2024-54471 https://support.apple.com/en-us/121564 https://support.apple.com/en-us/121568 https://support.apple.com/en-us/121570
  24. Amazon Linux AMI 2: CVE-2024-47538: Security patch for gstreamer1-plugins-base (ALAS-2025-2747) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/12/2024 Created 02/05/2025 Added 02/05/2025 Modified 02/05/2025 Description GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This vulnerability is fixed in 1.24.10. Solution(s) amazon-linux-ami-2-upgrade-gstreamer1-plugins-base amazon-linux-ami-2-upgrade-gstreamer1-plugins-base-debuginfo amazon-linux-ami-2-upgrade-gstreamer1-plugins-base-devel amazon-linux-ami-2-upgrade-gstreamer1-plugins-base-tools References https://attackerkb.com/topics/cve-2024-47538 AL2/ALAS-2025-2747 CVE - 2024-47538
  25. Amazon Linux AMI 2: CVE-2024-47606: Security patch for gstreamer1 (ALAS-2025-2746) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/12/2024 Created 02/05/2025 Added 02/05/2025 Modified 02/05/2025 Description GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. The function _sysmem_new_block adds alignment and header size to the (unsigned) size, causing the overflow of the 'slice_size' variable. As a result, only 0x89 bytes are allocated, despite the large input size. When the following memcpy call occurs in gst_buffer_fill, the data from the input file will overwrite the content of the GstMapInfo info structure. Finally, during the call to gst_memory_unmap, the overwritten memory may cause a function pointer hijack, as the mem->allocator->mem_unmap_full function is called with a corrupted pointer. This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. This vulnerability is fixed in 1.24.10. Solution(s) amazon-linux-ami-2-upgrade-gstreamer1 amazon-linux-ami-2-upgrade-gstreamer1-debuginfo amazon-linux-ami-2-upgrade-gstreamer1-devel References https://attackerkb.com/topics/cve-2024-47606 AL2/ALAS-2025-2746 CVE - 2024-47606