An update for gstreamer1-plugins-base is now available for Red Hat Enterprise
 Linux 9.

Red Hat Product Security has rated this update as having a security impact of
 Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

GStreamer is a streaming media framework based on graphs of filters which
 operate on media data. The gstreamer1-plugins-base packages contain a collection of well-maintained base plug-ins.

Security Fix(es):

* gstreamer1-plugins-base: ID3v2 parser out-of-bounds read and NULL-pointer
 dereference (CVE-2024-47542)

* gstreamer1-plugins-base: GStreamer has an out-of-bounds write in SSA subtitle
 parser (CVE-2024-47541)

* gstreamer1-plugins-base: GStreamer has an OOB-read in format_channel_mask
 (CVE-2024-47600)

* gstreamer1-plugins-base: NULL-pointer dereference in LRC subtitle parser
 (CVE-2024-47835)

For more details about the security issue(s), including the impact, a CVSS
 score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise
 Linux 9 Release Notes linked from the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2024-47541: Out-of-bounds Write (CWE-787)
CVE-2024-47542: NULL Pointer Dereference (CWE-476)
CVE-2024-47600: Out-of-bounds Read (CWE-125)
CVE-2024-47835: NULL Pointer Dereference (CWE-476)