security-advisories: sync with www module

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/9143>
2025-05-30 00:46:52 +01:00 · 2025-05-30 00:46:52 +01:00 · 111c859d58
commit 111c859d58
parent d5dfa3ef5e
6 changed files with 295 additions and 0 deletions
--- a/security-advisories/sa-2025-0001.md
+++ b/security-advisories/sa-2025-0001.md
@ -0,0 +1,46 @@
+# Security Advisory 2025-0001 (ZDI-CAN-26596, CVE-2025-3887)
+
+<div class="vertical-table">
+
+|                   |                                           |
+| ----------------- | ----------------------------------------- |
+| Summary           | Stack buffer-overflow in H.265 codec parser during slice header parsing     |
+| Date              | 2025-04-24 18:00                          |
+| Affected Versions | GStreamer gst-plugins-bad 1.x < 1.26.1    |
+| IDs               | GStreamer-SA-2025-0001<br/>ZDI-CAN-26596<br/>CVE-2025-3887 |
+
+</div>
+
+## Details
+
+Stack buffer-overflow in H.265 codec parser when handling malformed streams
+before GStreamer 1.26.1.
+
+## Impact
+
+It is possible for a malicious third party to trigger stack buffer-overflows that
+can result in a crash of the application.
+
+## Solution
+
+The gst-plugins-bad 1.26.1 release addresses the issue. People using older
+branches of GStreamer should apply the patch and recompile.
+
+## References
+
+### The GStreamer project
+
+- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
+
+### CVE Database Entries
+
+- [CVE-2025-3887](https://www.cve.org/CVERecord?id=CVE-2025-3887)
+
+### GStreamer 1.26.1 release
+
+- [Release Notes](/releases/1.26/#1.26.1)
+- [GStreamer Plugins Bad 1.26.1](/src/gst-plugins-bad/gst-plugins-bad-1.26.1.tar.xz)
+
+### Patches
+
+- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8884.patch)
--- a/security-advisories/sa-2025-0002.md
+++ b/security-advisories/sa-2025-0002.md
@ -0,0 +1,48 @@
+# Security Advisory 2025-0002 (CVE-2025-47807)
+
+<div class="vertical-table">
+
+|                   |     |
+| ----------------- | --- |
+| Summary           | NULL-pointer dereference in SubRip subtitle parser|
+| Date              | 2025-05-29 23:30 |
+| Affected Versions | GStreamer gst-plugins-base < 1.26.2 |
+| IDs               | GStreamer-SA-2025-0002<br/>CVE-2025-47807 |
+
+</div>
+
+## Details
+
+A NULL-pointer dereference in the SubRip subtitle parser that can cause crashes
+for certain input files.
+
+## Impact
+
+It is possible for a malicious third party to trigger a NULL-pointer dereference
+that can result in a crash of the application.
+
+## Solution
+
+The gst-plugins-base 1.26.2 release addresses the issue. People using older
+branches of GStreamer should apply the patch and recompile.
+
+## References
+
+### The GStreamer project
+
+- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
+
+### CVE Database Entries
+
+- [CVE-2025-47807](https://www.cve.org/CVERecord?id=CVE-2025-47807)
+
+### GStreamer releases
+
+#### 1.26 (current stable)
+
+- [GStreamer 1.26.2 release notes](/releases/1.26/#1.26.2)
+- [GStreamer Plugins Base 1.26.2](/src/gst-plugins-base/gst-plugins-base-1.26.2.tar.xz)
+
+### Patches
+
+- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/9132.patch) (3-in-1)
--- a/security-advisories/sa-2025-0003.md
+++ b/security-advisories/sa-2025-0003.md
@ -0,0 +1,48 @@
+# Security Advisory 2025-0003 (CVE-2025-47808)
+
+<div class="vertical-table">
+
+|                   |     |
+| ----------------- | --- |
+| Summary           | NULL-pointer dereference in TMPlayer subtitle parser|
+| Date              | 2025-05-29 23:30 |
+| Affected Versions | GStreamer gst-plugins-base < 1.26.2 |
+| IDs               | GStreamer-SA-2025-0003<br/>CVE-2025-47808 |
+
+</div>
+
+## Details
+
+A NULL-pointer dereference in the TMPlayer subtitle parser that can cause crashes
+for certain input files.
+
+## Impact
+
+It is possible for a malicious third party to trigger a NULL-pointer dereference
+that can result in a crash of the application.
+
+## Solution
+
+The gst-plugins-base 1.26.2 release addresses the issue. People using older
+branches of GStreamer should apply the patch and recompile.
+
+## References
+
+### The GStreamer project
+
+- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
+
+### CVE Database Entries
+
+- [CVE-2025-47808](https://www.cve.org/CVERecord?id=CVE-2025-47808)
+
+### GStreamer releases
+
+#### 1.26 (current stable)
+
+- [GStreamer 1.26.2 release notes](/releases/1.26/#1.26.2)
+- [GStreamer Plugins Base 1.26.2](/src/gst-plugins-base/gst-plugins-base-1.26.2.tar.xz)
+
+### Patches
+
+- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/9132.patch) (3-in-1)
--- a/security-advisories/sa-2025-0004.md
+++ b/security-advisories/sa-2025-0004.md
@ -0,0 +1,56 @@
+# Security Advisory 2025-0004 (CVE-2025-47219)
+
+<div class="vertical-table">
+
+|                   |     |
+| ----------------- | --- |
+| Summary           | Out-of-bounds read in MOV/MP4 demuxer|
+| Date              | 2025-05-29 23:30 |
+| Affected Versions | GStreamer gst-plugins-good < 1.26.2 |
+| IDs               | GStreamer-SA-2025-0004<br/>CVE-2025-47219 |
+
+</div>
+
+## Details
+
+An Out-of-bounds read in the MOV/MP4 demuxer that can cause crashes or
+potentially information leaks for certain input files.
+
+## Impact
+
+It is possible for a malicious third party to trigger an Out-of-bounds read
+that can result in a crash of the application or potentially information leaks.
+
+## Solution
+
+The gst-plugins-good 1.26.2 release addresses the issue.
+
+People using older versions of GStreamer should either upgrade or apply the
+minimal patch and recompile.
+
+Note that the minimal patch is not included in the 1.26.2 release in that form
+since this issue was solved independently [in a different way][MR-8929] as part
+of a bigger refactoring that solved this and many other issues.
+
+[MR-8929]: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8929
+
+## References
+
+### The GStreamer project
+
+- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
+
+### CVE Database Entries
+
+- [CVE-2025-47219](https://www.cve.org/CVERecord?id=CVE-2025-47219)
+
+### GStreamer releases
+
+#### 1.26 (current stable)
+
+- [GStreamer 1.26.2 release notes](/releases/1.26/#1.26.2)
+- [GStreamer Plugins Good 1.26.2](/src/gst-plugins-good/gst-plugins-good-1.26.2.tar.xz)
+
+### Patches
+
+- [Patch for 1.26.1 and earlier versions](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/9137.patch)
--- a/security-advisories/sa-2025-0005.md
+++ b/security-advisories/sa-2025-0005.md
@ -0,0 +1,49 @@
+# Security Advisory 2025-0005 (CVE-2025-47183)
+
+<div class="vertical-table">
+
+|                   |     |
+| ----------------- | --- |
+| Summary           | Out-of-bounds read in MOV/MP4 demuxer|
+| Date              | 2025-05-29 23:30 |
+| Affected Versions | GStreamer gst-plugins-good < 1.26.2 |
+| IDs               | GStreamer-SA-2025-0005<br/>CVE-2025-47183 |
+
+</div>
+
+## Details
+
+An Out-of-bounds read in the MOV/MP4 demuxer that can cause crashes or
+potentially information leaks for certain input files.
+
+## Impact
+
+It is possible for a malicious third party to trigger an Out-of-bounds read
+that can result in a crash of the application or potentially information leaks.
+
+## Solution
+
+The gst-plugins-good 1.26.2 release addresses the issue. People using older
+branches of GStreamer should apply the patch and recompile.
+
+## References
+
+### The GStreamer project
+
+- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
+
+### CVE Database Entries
+
+- [CVE-2025-47183](https://www.cve.org/CVERecord?id=CVE-2025-47183)
+
+### GStreamer releases
+
+#### 1.26 (current stable)
+
+- [GStreamer 1.26.2 release notes](/releases/1.26/#1.26.2)
+- [GStreamer Plugins Good 1.26.2](/src/gst-plugins-good/gst-plugins-good-1.26.2.tar.xz)
+
+### Patches
+
+- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/9131.patch)
+
--- a/security-advisories/sa-2025-0006.md
+++ b/security-advisories/sa-2025-0006.md
@ -0,0 +1,48 @@
+# Security Advisory 2025-0006 (CVE-2025-47806)
+
+<div class="vertical-table">
+
+|                   |     |
+| ----------------- | --- |
+| Summary           | Stack buffer overflow in SubRip subtitle parser|
+| Date              | 2025-05-29 23:30 |
+| Affected Versions | GStreamer gst-plugins-base < 1.26.2 |
+| IDs               | GStreamer-SA-2025-0006<br/>CVE-2025-47806 |
+
+</div>
+
+## Details
+
+A stack buffer overflow in the SubRip subtitle parser that can cause crashes for
+certain input files.
+
+## Impact
+
+It is possible for a malicious third party to trigger a stack buffer overflow
+that can result in a crash of the application.
+
+## Solution
+
+The gst-plugins-base 1.26.2 release addresses the issue. People using older
+branches of GStreamer should apply the patch and recompile.
+
+## References
+
+### The GStreamer project
+
+- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org)
+
+### CVE Database Entries
+
+- [CVE-2025-47806](https://www.cve.org/CVERecord?id=CVE-2025-47806)
+
+### GStreamer releases
+
+#### 1.26 (current stable)
+
+- [GStreamer 1.26.2 release notes](/releases/1.26/#1.26.2)
+- [GStreamer Plugins Base 1.26.2](/src/gst-plugins-base/gst-plugins-base-1.26.2.tar.xz)
+
+### Patches
+
+- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/9132.patch) (3-in-1)