The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1131 advisory.

    Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:

    CVE-2024-47834:
    GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read     vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams.
    In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk     is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the     gst_matroska_track_free function, by the call to g_free (track->codec_priv). Finally, the freed memory is     accessed in the caps_serialize function through gst_value_serialize_buffer. The freed memory will be     accessed in the gst_value_serialize_buffer function. This results in a UAF read vulnerability, as the     function tries to process memory that has already been freed. This vulnerability is fixed in 1.24.10.

    CVE-2024-47778:
    GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has     been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to     insufficient validation of the size parameter, which can exceed the bounds of the data buffer. As a     result, an OOB read occurs in the following while loop. This vulnerability can result in reading up to 4GB     of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This     vulnerability is fixed in 1.24.10.

    CVE-2024-47777:
    GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has     been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to     read 4 bytes from the data + 12 offset without checking if the size of the data buffer is sufficient. If     the buffer is too small, the function reads beyond its bounds. This vulnerability may result in reading 4     bytes out of the boundaries of the data buffer. This vulnerability is fixed in 1.24.10.

    CVE-2024-47776:
    GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been     discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy     between the size of the data buffer and the size value provided to the function. This mismatch causes the     comparison  if (size < 4 + ncues * 24) to fail in some cases, allowing the subsequent loop to access     beyond the bounds of the data buffer. The root cause of this discrepancy stems from a miscalculation when     clipping the chunk size based on upstream data size. This vulnerability allows reading beyond the bounds     of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This     vulnerability is fixed in 1.24.10.

    CVE-2024-47775:
    GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has     been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that     the buffer buf contains sufficient data before attempting to read from it, doing multiple     GST_READ_UINT32_LE operations without performing boundary checks. This can lead to an OOB-read when buf is     smaller than expected. This vulnerability allows reading beyond the bounds of the data buffer, potentially     leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in     1.24.10.

    CVE-2024-47774:
    GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has     been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function     reads the name_length value directly from the input file without checking it properly. Then, the a     condition, does not properly handle cases where name_length is greater than 0xFFFFFFFF - 17, causing an     integer overflow. In such scenario, the function attempts to access memory beyond the buffer leading to an     OOB-read. This vulnerability is fixed in 1.24.10.

    CVE-2024-47613:
    GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has     been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position     array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write     beyond the boundaries of the position array. The value written will always be     GST_AUDIO_CHANNEL_POSITION_NONE. This vulnerability allows to overwrite the EIP address allocated in the     stack. Additionally, this bug can overwrite the GstAudioInfo info structure. This vulnerability is fixed     in 1.24.10.

    CVE-2024-47606:
    GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been     detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to     an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an     unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer     (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function     gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. The     function _sysmem_new_block adds alignment and header size to the (unsigned) size, causing the overflow of     the 'slice_size' variable. As a result, only 0x89 bytes are allocated, despite the large input size. When     the following memcpy call occurs in gst_buffer_fill, the data from the input file will overwrite the     content of the GstMapInfo info structure. Finally, during the call to gst_memory_unmap, the overwritten     memory may cause a function pointer hijack, as the mem->allocator->mem_unmap_full function is called with     a corrupted pointer. This function pointer overwrite could allow an attacker to alter the execution flow     of the program, leading to arbitrary code execution. This vulnerability is fixed in 1.24.10.

    CVE-2024-47603:
    GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference     vulnerability has been discovered in the gst_matroska_demux_update_tracks function within matroska-     demux.c. The vulnerability occurs when the gst_caps_is_equal function is called with invalid caps values.
    If this happen, then in the function gst_buffer_get_size the call to GST_BUFFER_MEM_PTR can return a null     pointer. Attempting to dereference the size field of this null pointer results in a null pointer     dereference. This vulnerability is fixed in 1.24.10.

    CVE-2024-47602:
    GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference     vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-     demux.c. This function does not properly check the validity of the stream->codec_priv pointer in the     following code. If stream->codec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference     a null pointer, leading to a crash of the application. This vulnerability is fixed in 1.24.10.

    CVE-2024-47601:
    GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference     vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function     within matroska-demux.c. This function does not properly check the validity of the GstBuffer *sub pointer     before performing dereferences. As a result, null pointer dereferences may occur. This vulnerability is     fixed in 1.24.10.

    CVE-2024-47599:
    GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference     vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function     does not check for a NULL return value from gst_video_decoder_set_output_state. When this happens,     dereferences of the outstate pointer will lead to a null pointer dereference. This vulnerability can     result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed     in 1.24.10.

    CVE-2024-47598:
    GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has     been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is that the size     of the stts buffer isnt properly checked before reading stts_duration, allowing the program to read 4     bytes beyond the boundaries of stts->data. This vulnerability reads up to 4 bytes past the allocated     bounds of the stts array. This vulnerability is fixed in 1.24.10.

    CVE-2024-47597:
    GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected     in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function     qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code     snippet shows the call to qt_atom_parser_get_offset_unchecked, which leads to the OOB-read when parsing     the provided GHSL-2024-245_crash1.mp4 file. This issue may lead to read up to 8 bytes out-of-bounds. This     vulnerability is fixed in 1.24.10.

    CVE-2024-47596:
    GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been     discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case,     seqh_size is read from the input file without proper validation. If seqh_size is greater than the     remaining size of the data buffer, it can lead to an OOB-read in the following call to gst_buffer_fill,     which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or     potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed     in 1.24.10.

    CVE-2024-47546:
    GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been     detected in extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction     atom_length - 8 may result in an underflow if atom_length is less than 8. When that subtraction     underflows, *cclen ends up being a large number, and then cclen is passed to g_memdup2 leading to an out-     of-bounds (OOB) read. This vulnerability is fixed in 1.24.10.

    CVE-2024-47545:
    GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been     detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction     size -= 40 can lead to a negative integer overflow if it is less than 40. If this happens, the subsequent     call to gst_buffer_fill will invoke memcpy with a large tocopy size, resulting in an OOB-read. This     vulnerability is fixed in 1.24.10.

    CVE-2024-47544:
    GStreamer is a library for constructing graphs of media-handling components. The function     qtdemux_parse_sbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is     fixed in 1.24.10.

    CVE-2024-47543:
    GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has     been discovered in qtdemux_parse_container function within qtdemux.c. In the parent function     qtdemux_parse_node, the value of length is not well checked. So, if length is big enough, it causes the     pointer end to point beyond the boundaries of buffer. Subsequently, in the qtdemux_parse_container     function, the while loop can trigger an OOB-read, accessing memory beyond the bounds of buf. This     vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation     fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.

    CVE-2024-47540:
    GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack     variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within     matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uninitialized map variable.
    Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the     uninitialized map variable, causing a function pointer hijack, as it will jump to     mem->allocator->mem_unmap_full or mem->allocator->mem_unmap. This vulnerability could allow an attacker to     hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10.

    CVE-2024-47539:
    GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write     vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability     arises due to a discrepancy between the size of memory allocated to the storage array and the loop     condition i * 2 < ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does     not match the loop's expected bounds, resulting in an out-of-bounds write. This bug allows for the     overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed     in 1.24.10.

    CVE-2024-47537:
    GStreamer is a library for constructing graphs of media-handling components. The program attempts to     reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count     elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this     value is big enough, this can lead to an integer overflow during the addition. As a consequence,     g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following     this, the program iterates through samples_count elements and attempts to write samples_count number of     elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This     vulnerability is fixed in 1.24.10.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

TencentOS Server 4: gstreamer1-plugins-good (TSSA-2024:1131)

high Nessus Plugin ID 239705

Version 1.2

Version 1.1

Version 1.2 Nov 21, 2025, 2:12 PM CVE (set "CVE" coverage to "CVE-2024-47537,CVE-2024-47539,CVE-2024-47540,CVE-2024-47543,CVE-2024-47544,CVE-2024-47545,CVE-2024-47546,CVE-2024-47596,CVE-2024-47597,CVE-2024-47598,CVE-2024-47599,CVE-2024-47601,CVE-2024-47602,CVE-2024-47603,CVE-2024-47606,CVE-2024-47613,CVE-2024-47774,CVE-2024-47775,CVE-2024-47776,CVE-2024-47777,CVE-2024-47778,CVE-2024-47834") CVSS metrics ("CVSSv2 score" set to 10.0) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C") CVSS metrics ("CVSSv3 score" set to 9.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") CVSS metrics ("Cvssv4 score" set to 8.6) CVSS metrics ("Cvssv4 threat vector" set to "CVSS:4.0/E:U") CVSS metrics ("Cvssv4 vector" set to "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C") CVSSv2 score source (set to "CVE-2024-47613") Plugin metadata Plugin Feed: 202511211412
Version 1.1 Jun 17, 2025, 2:02 AM New Plugin Feed: 202506170202