Alpine: multiple gst-plugins-base packages: security update to 1.24.10-r0

high Tenable Self-Hosted Container Security Plugin ID 423991

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been
detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read
from the input file without proper validation. As a result, size can exceed the fixed size of the
pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire
pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380
bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in
1.24.10. (CVE-2024-47615)

- GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has
been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position
array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write
beyond the boundaries of the position array. The value written will always be
`GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address
allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This
vulnerability is fixed in 1.24.10. (CVE-2024-47538)

- GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability
has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This
function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are
enclosed in curly brackets ({}). The issue arises when a closing curly bracket "}" appears before an
opening curly bracket "{" in the input string. In this case, memmove() incorrectly duplicates a substring.
With each successive loop iteration, the size passed to memmove() becomes progressively larger
(strlen(end+1)), leading to a write beyond the allocated memory bounds. This vulnerability is fixed in
1.24.10. (CVE-2024-47541)

- GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference
has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is
called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation,
resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by
triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10. (CVE-2024-47542)

- GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has
been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local
array position, which is defined with a fixed size of 64 elements. However, the function
gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the
for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index
greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack.
Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory
corruption or undefined behavior. This vulnerability is fixed in 1.24.10. (CVE-2024-47600)

See Also

https://security.alpinelinux.org/vuln/CVE-2024-47538

https://security.alpinelinux.org/vuln/CVE-2024-47541

https://security.alpinelinux.org/vuln/CVE-2024-47542

https://security.alpinelinux.org/vuln/CVE-2024-47600

https://security.alpinelinux.org/vuln/CVE-2024-47607

https://security.alpinelinux.org/vuln/CVE-2024-47615

https://security.alpinelinux.org/vuln/CVE-2024-47835

Plugin Details

Severity: High

ID: 423991

Version: Revision 1.10

Type: Local

Published: 4/4/2025

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.9

Percentile: 97.05

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-47615

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 8.6

Threat Score: 7.3

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 12/6/2024

Reference Information

CVE: CVE-2024-47538, CVE-2024-47541, CVE-2024-47542, CVE-2024-47600, CVE-2024-47607, CVE-2024-47615, CVE-2024-47835