Amazon Linux 2 Security Advisory: ALAS-2025-2747
Advisory Release Date: 2025-01-30 22:56 Pacific
Advisory Updated Date: 2025-02-04 11:02 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
. Was ZDI-CAN-23896. (CVE-2024-4453)
GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This vulnerability is fixed in 1.24.10. (CVE-2024-47538)
GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows to overwrite the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10. (CVE-2024-47607)
GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10. (CVE-2024-47615)
Affected Packages:
gstreamer1-plugins-base
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update gstreamer1-plugins-base to update your system.
aarch64:
gstreamer1-plugins-base-1.18.4-5.amzn2.0.7.aarch64
gstreamer1-plugins-base-tools-1.18.4-5.amzn2.0.7.aarch64
gstreamer1-plugins-base-devel-1.18.4-5.amzn2.0.7.aarch64
gstreamer1-plugins-base-debuginfo-1.18.4-5.amzn2.0.7.aarch64
i686:
gstreamer1-plugins-base-1.18.4-5.amzn2.0.7.i686
gstreamer1-plugins-base-tools-1.18.4-5.amzn2.0.7.i686
gstreamer1-plugins-base-devel-1.18.4-5.amzn2.0.7.i686
gstreamer1-plugins-base-debuginfo-1.18.4-5.amzn2.0.7.i686
src:
gstreamer1-plugins-base-1.18.4-5.amzn2.0.7.src
x86_64:
gstreamer1-plugins-base-1.18.4-5.amzn2.0.7.x86_64
gstreamer1-plugins-base-tools-1.18.4-5.amzn2.0.7.x86_64
gstreamer1-plugins-base-devel-1.18.4-5.amzn2.0.7.x86_64
gstreamer1-plugins-base-debuginfo-1.18.4-5.amzn2.0.7.x86_64