Detections
Analytics

Amazon Linux 2 : gstreamer1-plugins-base (ALAS-2025-2971)

medium Nessus Plugin ID 252302

Language:

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of gstreamer1-plugins-base installed on the remote host is prior to 1.18.4-5. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2971 advisory.

 GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are enclosed in curly brackets ({}). The issue arises when a closing curly bracket } appears before an opening curly bracket { in the input string. In this case, memmove() incorrectly duplicates a substring.
 With each successive loop iteration, the size passed to memmove() becomes progressively larger (strlen(end+1)), leading to a write beyond the allocated memory bounds. This vulnerability is fixed in 1.24.10. (CVE-2024-47541)

 GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10. (CVE-2024-47542)

 GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack.
 Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10. (CVE-2024-47600)

 GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer returned by this call is then passed to g_strdup(). However, if the string line does not contain the character ']', strchr() returns NULL, and a call to g_strdup(start + 1) leads to a null pointer dereference. This vulnerability is fixed in 1.24.10. (CVE-2024-47835)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update gstreamer1-plugins-base' to update your system.

See Also

https://alas.aws.amazon.com//AL2/ALAS2-2025-2971.html

https://alas.aws.amazon.com/faqs.html

https://explore.alas.aws.amazon.com/CVE-2024-47541.html

https://explore.alas.aws.amazon.com/CVE-2024-47542.html

https://explore.alas.aws.amazon.com/CVE-2024-47600.html

https://explore.alas.aws.amazon.com/CVE-2024-47835.html

Plugin Details

Severity: Medium

ID: 252302

File Name: al2_ALAS-2025-2971.nasl

Version: 1.1

Type: local

Agent: unix

Published: 8/19/2025

Updated: 8/19/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: High

Base Score: 9.4

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C

CVSS Score Source: CVE-2024-47600

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 6.9

Threat Score: 5.5

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2024-47541

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:gstreamer1-plugins-base-debuginfo, cpe:/o:amazon:linux:2, p-cpe:/a:amazon:linux:gstreamer1-plugins-base, p-cpe:/a:amazon:linux:gstreamer1-plugins-base-devel, p-cpe:/a:amazon:linux:gstreamer1-plugins-base-tools

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: No known exploits are available

Patch Publication Date: 8/12/2025

Vulnerability Publication Date: 12/6/2024

Reference Information

CVE: CVE-2024-47541, CVE-2024-47542, CVE-2024-47600, CVE-2024-47835