Home / mailingsPDF  

[USN-7807-1] GStreamer Base Plugins vulnerabilities

Posted on 08 October 2025
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-7807-1
October 07, 2025

gst-plugins-base1.0 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in GStreamer Base Plugins.

Software Description:
- gst-plugins-base1.0: GStreamer plugins

Details:

Michael Randrianantenaina discovered that GStreamer Base Plugins did not
correctly handle certain integer operations. An attacker could possibly
use this issue to execute arbitrary code. (CVE-2023-37327, CVE-2024-4453)

Michael Randrianantenaina discovered that GStreamer Base Plugins did not
correctly handle certain memory operations. An attacker could possibly
use this issue to execute arbitrary code. This issue only affected
Ubuntu 18.04 LTS. (CVE-2023-37328)

Antonio Morales discovered that GStreamer Base Plugins did not correctly
handle certain memory operations. An attacker could possibly use this
issue to execute arbitrary code. (CVE-2024-47538)

Antonio Morales discovered that GStreamer Base Plugins did not correctly
handle parsing certain inputs, which could lead to an out-of-bounds access
vulnerability. An attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. (CVE-2024-47541, CVE-2024-47615)

Antonio Morales discovered that GStreamer Base Plugins did not correctly
handle certain memory operations. An attacker could possibly use this
issue to cause a denial of service. (CVE-2024-47542, CVE-2024-47607,
CVE-2024-47835)

Antonio Morales discovered that GStreamer Base Plugins did not correctly
handle parsing certain inputs, which could lead to an out-of-bounds access
vulnerability. An attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. This issue only affected
Ubuntu 18.04 LTS. (CVE-2024-47600)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
libgstreamer-plugins-base1.0-0 1.14.5-0ubuntu1~18.04.3+esm1
Available with Ubuntu Pro
libgstreamer-plugins-base1.0-dev 1.14.5-0ubuntu1~18.04.3+esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libgstreamer-plugins-base1.0-0 1.8.3-1ubuntu0.3+esm2
Available with Ubuntu Pro
libgstreamer-plugins-base1.0-dev 1.8.3-1ubuntu0.3+esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7807-1
CVE-2023-37327, CVE-2023-37328, CVE-2024-4453, CVE-2024-47538,
CVE-2024-47541, CVE-2024-47542, CVE-2024-47600, CVE-2024-47607,
CVE-2024-47615, CVE-2024-47835

--===============6412198650369247740==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :