Описание
GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are enclosed in curly brackets ({}). The issue arises when a closing curly bracket "}" appears before an opening curly bracket "{" in the input string. In this case, memmove() incorrectly duplicates a substring. With each successive loop iteration, the size passed to memmove() becomes progressively larger (strlen(end+1)), leading to a write beyond the allocated memory bounds. This vulnerability is fixed in 1.24.10.
A flaw was found in the GStreamer library. An out-of-bounds write in the SSA subtitle parser can cause crashes for certain input files, potentially allowing a malicious third party to trigger an application crash.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | gstreamer1-plugins-base | Affected | ||
| Red Hat Enterprise Linux 7 | gstreamer1-plugins-base | Out of support scope | ||
| Red Hat Enterprise Linux 8 | gstreamer1-plugins-base | Out of support scope | ||
| Red Hat Enterprise Linux 9 | gstreamer1-plugins-base | Fixed | RHSA-2025:7243 | 13.05.2025 |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
6.2 Medium
CVSS3
Связанные уязвимости
GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are enclosed in curly brackets ({}). The issue arises when a closing curly bracket "}" appears before an opening curly bracket "{" in the input string. In this case, memmove() incorrectly duplicates a substring. With each successive loop iteration, the size passed to memmove() becomes progressively larger (strlen(end+1)), leading to a write beyond the allocated memory bounds. This vulnerability is fixed in 1.24.10.
GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are enclosed in curly brackets ({}). The issue arises when a closing curly bracket "}" appears before an opening curly bracket "{" in the input string. In this case, memmove() incorrectly duplicates a substring. With each successive loop iteration, the size passed to memmove() becomes progressively larger (strlen(end+1)), leading to a write beyond the allocated memory bounds. This vulnerability is fixed in 1.24.10.
GStreamer is a library for constructing graphs of media-handling compo ...
Уязвимость функции gst_ssa_parse_remove_override_codes мультимедийного фреймворка Gstreamer, позволяющая нарушителю вызвать отказ в обслуживании
ELSA-2025-7243: gstreamer1-plugins-base security update (MODERATE)
6.2 Medium
CVSS3