Detections
Analytics
SUSE SLES15 Security Update : gstreamer-plugins-good (SUSE-SU-2025:02055-1)
high Nessus Plugin ID 240605
Synopsis
The remote SUSE host is missing one or more security updates.Description
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02055-1 advisory.- CVE-2024-47537: Fixed OOB-write in isomp4/qtdemux.c (bsc#1234414)
- CVE-2024-47539: Fixed OOB-write in convert_to_s334_1a (bsc#1234417)
- CVE-2024-47540: Fixed uninitialized stack memory in Matroska/WebM demuxer (bsc#1234421)
- CVE-2024-47543: Fixed OOB-read in qtdemux_parse_container (bsc#1234462)
- CVE-2024-47544: Fixed NULL-pointer dereferences in MP4/MOV demuxer CENC handling (bsc#1234473)
- CVE-2024-47545: Fixed integer underflow in FOURCC_strf parsing leading to OOB-read (bsc#1234476)
- CVE-2024-47546: Fixed integer underflow in extract_cc_from_data leading to OOB-read (bsc#1234477)
- CVE-2024-47596: Fixed integer underflow in MP4/MOV demuxer that can lead to out-of-bounds reads (bsc#1234424)
- CVE-2024-47597: Fixed OOB-reads in MP4/MOV demuxer sample table parser (bsc#1234425)
- CVE-2024-47599: Fixed insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences (bsc#1234427)
- CVE-2024-47601: Fixed NULL-pointer dereference in Matroska/WebM demuxer (bsc#1234428)
- CVE-2024-47602: Fixed NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer (bsc#1234432)
- CVE-2024-47603: Fixed NULL-pointer dereference in Matroska/WebM demuxer (bsc#1234433)
- CVE-2024-47606: Fixed integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of- bounds writes (bsc#1234449)
- CVE-2024-47613: Fixed NULL-pointer dereference in gdk-pixbuf decoder (bsc#1234447)
- CVE-2024-47774: Fixed integer overflow in AVI subtitle parser that leads to out-of-bounds reads (bsc#1234446)
- CVE-2024-47775: Fixed various out-of-bounds reads in WAV parser (bsc#1234434)
- CVE-2024-47776: Fixed various out-of-bounds reads in WAV parser (bsc#1234435)
- CVE-2024-47777: Fixed various out-of-bounds reads in WAV parser (bsc#1234436)
- CVE-2024-47778: Fixed various out-of-bounds reads in WAV parser (bsc#1234439)
- CVE-2024-47834: Fixed a use-after-free in the Matroska demuxer that can cause crashes for certain input files (bsc#1234440)
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected gstreamer-plugins-good and / or gstreamer-plugins-good-lang packages.See Also
https://bugzilla.suse.com/1234414
https://bugzilla.suse.com/1234417
https://bugzilla.suse.com/1234421
https://bugzilla.suse.com/1234424
https://bugzilla.suse.com/1234425
https://bugzilla.suse.com/1234427
https://bugzilla.suse.com/1234428
https://bugzilla.suse.com/1234432
https://bugzilla.suse.com/1234433
https://bugzilla.suse.com/1234434
https://bugzilla.suse.com/1234435
https://bugzilla.suse.com/1234436
https://bugzilla.suse.com/1234439
https://bugzilla.suse.com/1234440
https://bugzilla.suse.com/1234446
https://bugzilla.suse.com/1234447
https://bugzilla.suse.com/1234449
https://bugzilla.suse.com/1234462
https://bugzilla.suse.com/1234473
https://bugzilla.suse.com/1234476
https://bugzilla.suse.com/1234477
https://lists.suse.com/pipermail/sle-updates/2025-June/040414.html
https://www.suse.com/security/cve/CVE-2024-47537
https://www.suse.com/security/cve/CVE-2024-47539
https://www.suse.com/security/cve/CVE-2024-47540
https://www.suse.com/security/cve/CVE-2024-47543
https://www.suse.com/security/cve/CVE-2024-47544
https://www.suse.com/security/cve/CVE-2024-47545
https://www.suse.com/security/cve/CVE-2024-47546
https://www.suse.com/security/cve/CVE-2024-47596
https://www.suse.com/security/cve/CVE-2024-47597
https://www.suse.com/security/cve/CVE-2024-47599
https://www.suse.com/security/cve/CVE-2024-47601
https://www.suse.com/security/cve/CVE-2024-47602
https://www.suse.com/security/cve/CVE-2024-47603
https://www.suse.com/security/cve/CVE-2024-47606
https://www.suse.com/security/cve/CVE-2024-47613
https://www.suse.com/security/cve/CVE-2024-47774
https://www.suse.com/security/cve/CVE-2024-47775
https://www.suse.com/security/cve/CVE-2024-47776
https://www.suse.com/security/cve/CVE-2024-47777
Plugin Details
Severity: High
ID: 240605
File Name: suse_SU-2025-02055-1.nasl
Version: 1.1
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 6/26/2025
Updated: 6/26/2025
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2024-47613
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CVSS v4
Risk Factor: High
Base Score: 8.6
Threat Score: 6.1
Threat Vector: CVSS:4.0/E:U
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:gstreamer-plugins-good, p-cpe:/a:novell:suse_linux:gstreamer-plugins-good-lang, cpe:/o:novell:suse_linux:15
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 6/20/2025
Vulnerability Publication Date: 12/6/2024
Reference Information
CVE: CVE-2024-47537, CVE-2024-47539, CVE-2024-47540, CVE-2024-47543, CVE-2024-47544, CVE-2024-47545, CVE-2024-47546, CVE-2024-47596, CVE-2024-47597, CVE-2024-47599, CVE-2024-47601, CVE-2024-47602, CVE-2024-47603, CVE-2024-47606, CVE-2024-47613, CVE-2024-47774, CVE-2024-47775, CVE-2024-47776, CVE-2024-47777, CVE-2024-47778, CVE-2024-47834
SuSE: SUSE-SU-2025:02055-1