Amazon Linux 2 Security Advisory: ALAS-2025-2748
Advisory Release Date: 2025-01-30 22:56 Pacific
Advisory Updated Date: 2025-02-26 22:35 Pacific
GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. However, samples_count is read from the input file, and if this value is large enough, the addition can overflow. As a consequence, g_try_renew might allocate memory for significantly fewer elements than intended. The program then iterates over samples_count elements and attempts to write all of them, potentially exceeding the allocated memory and causing an out-of-bounds (OOB) write. This vulnerability is fixed in 1.24.10. (CVE-2024-47537)
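The check whose absence CVE-2024-47537 describes, as an added example that is not code from GStreamer or from this advisory: the element count is validated before the table is resized, and new elements are touched only after the allocation succeeds. `Sample`, `Stream`, `MAX_SAMPLES`, `unchecked_total` and `grow_samples` are hypothetical names, and plain `realloc` stands in for `g_try_renew`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the demuxer's sample table, not GStreamer's types. */
typedef struct { uint64_t offset; uint32_t size; uint32_t duration; } Sample;
typedef struct { Sample *samples; uint32_t n_samples; } Stream;

#define MAX_SAMPLES (1u << 20) /* assumed policy cap, not a GStreamer constant */

/* The flawed computation: unsigned 32-bit addition wraps modulo 2^32. */
static uint32_t unchecked_total(uint32_t n_samples, uint32_t samples_count) {
    return n_samples + samples_count;
}

/* Checked growth. Returns 0 on success, -1 if the request is rejected;
 * on rejection the stream is left unchanged. */
static int grow_samples(Stream *s, uint32_t samples_count) {
    if (samples_count == 0)
        return 0;
    if (samples_count > UINT32_MAX - s->n_samples)      /* count would wrap */
        return -1;
    uint32_t total = s->n_samples + samples_count;
    if (total > MAX_SAMPLES)                             /* implausible table size */
        return -1;
    if ((size_t)total > SIZE_MAX / sizeof(Sample))       /* byte size would wrap */
        return -1;
    Sample *p = realloc(s->samples, (size_t)total * sizeof(Sample));
    if (p == NULL)
        return -1;
    /* Only now is it safe to touch samples_count new elements. */
    memset(p + s->n_samples, 0, (size_t)samples_count * sizeof(Sample));
    s->samples = p;
    s->n_samples = total;
    return 0;
}

int main(void) {
    Stream s = { NULL, 0 };
    uint32_t hostile = UINT32_MAX - 1;   /* constructed untrusted samples_count */
    printf("grow by 4: %d\n", grow_samples(&s, 4));
    printf("unchecked total for 4 + %u: %u\n", hostile, unchecked_total(4, hostile));
    printf("grow by %u: %d\n", hostile, grow_samples(&s, hostile));
    free(s.samples);
    return 0;
}
```

With four samples already present, the constructed count wraps the unchecked sum to 2, which is the undersized allocation the description refers to; the checked path rejects the same request and leaves the table at four elements.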
GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem->allocator->mem_unmap_full or mem->allocator->mem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10. (CVE-2024-47540)
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix` is expected to point to frame 0 of the frame structure, which is read from the input file. However, in certain situations, it can point to a NULL frame, causing the subsequent call to `memcpy` to attempt writing to the null address (0x00), leading to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10. (CVE-2024-47613)
Affected Packages:
gstreamer1-plugins-good
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run `yum update gstreamer1-plugins-good` to update your system.
aarch64:
gstreamer1-plugins-good-1.18.4-6.amzn2.0.4.aarch64
gstreamer1-plugins-good-gtk-1.18.4-6.amzn2.0.4.aarch64
gstreamer1-plugins-good-debuginfo-1.18.4-6.amzn2.0.4.aarch64
i686:
gstreamer1-plugins-good-1.18.4-6.amzn2.0.4.i686
gstreamer1-plugins-good-gtk-1.18.4-6.amzn2.0.4.i686
gstreamer1-plugins-good-debuginfo-1.18.4-6.amzn2.0.4.i686
src:
gstreamer1-plugins-good-1.18.4-6.amzn2.0.4.src
x86_64:
gstreamer1-plugins-good-1.18.4-6.amzn2.0.4.x86_64
gstreamer1-plugins-good-gtk-1.18.4-6.amzn2.0.4.x86_64
gstreamer1-plugins-good-debuginfo-1.18.4-6.amzn2.0.4.x86_64