Detections
Analytics

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gstreamer-plugins-good (SUSE-SU-2025:0055-1)

high Nessus Plugin ID 213692

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0055-1 advisory.

 - CVE-2024-47606: Fixed an integer overflows in MP4/MOV demuxer and memory allocator that can lead to out- of-bounds writes. (boo#1234449)
 - CVE-2024-47537: Fixed an out-of-bounds write in isomp4/qtdemux.c. (boo#1234414)
 - CVE-2024-47539: Fixed an out-of-bounds write in convert_to_s334_1a. (boo#1234417)
 - CVE-2024-47530: Fixed an uninitialized stack memory in Matroska/WebM demuxer. (boo#1234421)
 - CVE-2024-47596: Fixed an integer underflow in MP4/MOV demuxer that can lead to out-of-bounds reads.
 (boo#1234424)
 - CVE-2024-47597: Fixed an out-of-bounds reads in MP4/MOV demuxer sample table parser (boo#1234425)
 - CVE-2024-47598: Fixed MP4/MOV sample table parser out-of-bounds read. (boo#1234426)
 - CVE-2024-47599: Fixed insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences. (boo#1234427)
 - CVE-2024-47601: Fixed a NULL-pointer dereference in Matroska/WebM demuxer. (boo#1234428)
 - CVE-2024-47602: Fixed a NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer.
 (boo#1234432)
 - CVE-2024-47603: Fixed a NULL-pointer dereference in Matroska/WebM demuxer. (boo#1234433)
 - CVE-2024-47775: Fixed various out-of-bounds reads in WAV parser. (boo#1234434)
 - CVE-2024-47776: Fixed various out-of-bounds reads in WAV parser. (boo#1234435)
 - CVE-2024-47777: Fixed various out-of-bounds reads in WAV parser. (boo#1234436)
 - CVE-2024-47778: Fixed various out-of-bounds reads in WAV parser. (boo#1234439)
 - CVE-2024-47834: Fixed a use-after-free in the Matroska demuxer that can cause crashes for certain input files. (boo#1234440)
 - CVE-2024-47774: Fixed an integer overflow in AVI subtitle parser that leads to out-of-bounds reads.
 (boo#1234446)
 - CVE-2024-47613: Fixed a NULL-pointer dereference in gdk-pixbuf decoder. (boo#1234447)
 - CVE-2024-47543: Fixed an out-of-bounds write in qtdemux_parse_container. (boo#1234462)
 - CVE-2024-47544: Fixed a NULL-pointer dereferences in MP4/MOV demuxer CENC handling. (boo#1234473)
 - CVE-2024-47545: Fixed an integer underflow in FOURCC_strf parsing leading to out-of-bounds read.
 (boo#1234476)
 - CVE-2024-47546: Fixed an integer underflow in extract_cc_from_data leading to out-of-bounds read.
 (boo#1234477)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1234449

https://www.suse.com/security/cve/CVE-2024-47606

https://bugzilla.suse.com/1234447

https://www.suse.com/security/cve/CVE-2024-47613

https://bugzilla.suse.com/1234414

https://bugzilla.suse.com/1234417

https://bugzilla.suse.com/1234421

https://bugzilla.suse.com/1234424

https://bugzilla.suse.com/1234425

https://bugzilla.suse.com/1234426

https://bugzilla.suse.com/1234427

https://bugzilla.suse.com/1234428

https://bugzilla.suse.com/1234432

https://bugzilla.suse.com/1234433

https://bugzilla.suse.com/1234434

https://bugzilla.suse.com/1234435

https://bugzilla.suse.com/1234436

https://bugzilla.suse.com/1234439

https://bugzilla.suse.com/1234440

https://bugzilla.suse.com/1234446

https://bugzilla.suse.com/1234462

https://bugzilla.suse.com/1234473

https://bugzilla.suse.com/1234476

https://bugzilla.suse.com/1234477

http://www.nessus.org/u?3f2dd8e9

https://www.suse.com/security/cve/CVE-2024-47530

https://www.suse.com/security/cve/CVE-2024-47537

https://www.suse.com/security/cve/CVE-2024-47539

https://www.suse.com/security/cve/CVE-2024-47543

https://www.suse.com/security/cve/CVE-2024-47544

https://www.suse.com/security/cve/CVE-2024-47545

https://www.suse.com/security/cve/CVE-2024-47546

https://www.suse.com/security/cve/CVE-2024-47596

https://www.suse.com/security/cve/CVE-2024-47597

https://www.suse.com/security/cve/CVE-2024-47598

https://www.suse.com/security/cve/CVE-2024-47599

https://www.suse.com/security/cve/CVE-2024-47601

https://www.suse.com/security/cve/CVE-2024-47602

https://www.suse.com/security/cve/CVE-2024-47603

https://www.suse.com/security/cve/CVE-2024-47774

https://www.suse.com/security/cve/CVE-2024-47775

https://www.suse.com/security/cve/CVE-2024-47776

https://www.suse.com/security/cve/CVE-2024-47777

https://www.suse.com/security/cve/CVE-2024-47778

https://www.suse.com/security/cve/CVE-2024-47834

Plugin Details

Severity: High

ID: 213692

File Name: suse_SU-2025-0055-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 1/10/2025

Updated: 1/10/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-47613

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 8.6

Threat Score: 7.3

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:gstreamer-plugins-good, p-cpe:/a:novell:suse_linux:gstreamer-plugins-good-lang, p-cpe:/a:novell:suse_linux:gstreamer-plugins-good-gtk

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/9/2025

Vulnerability Publication Date: 9/30/2024

Reference Information

CVE: CVE-2024-47530, CVE-2024-47537, CVE-2024-47539, CVE-2024-47543, CVE-2024-47544, CVE-2024-47545, CVE-2024-47546, CVE-2024-47596, CVE-2024-47597, CVE-2024-47598, CVE-2024-47599, CVE-2024-47601, CVE-2024-47602, CVE-2024-47603, CVE-2024-47606, CVE-2024-47613, CVE-2024-47774, CVE-2024-47775, CVE-2024-47776, CVE-2024-47777, CVE-2024-47778, CVE-2024-47834

SuSE: SUSE-SU-2025:0055-1