SUSE has announced updates for the gstreamer-plugins-base packages, which address moderate security vulnerabilities for users of openSUSE Leap 15.6 and SUSE Linux Enterprise 15 SP6 and SP7. This update, identified by the announcement ID SUSE-SU-2025:02302-1, was released on July 14, 2025, and resolves three specific issues:
1. CVE-2025-47808: A NULL-pointer dereference in the TMPlayer subtitle parser.
2. CVE-2025-47807: A NULL-pointer dereference in the SubRip subtitle parser.
3. CVE-2025-47806: A stack buffer overflow in the SubRip subtitle parser.
The vulnerabilities have been rated with CVSS scores of 5.1 and 5.5, indicating their moderate severity. The update is available for various product modules, including multiple architectures such as aarch64, ppc64le, s390x, and x86_64.
To install the update, users are advised to utilize SUSE's recommended installation methods, such as YaST online_update or the "zypper patch" command. Specific commands for different product versions are provided for users to follow.
In conclusion, keeping gstreamer-plugins-base packages updated is crucial for maintaining system security and performance. Users should regularly check for updates and apply them promptly to mitigate potential vulnerabilities. For more information on the specific vulnerabilities and the update process, references to the relevant CVEs and bug reports are available
1. CVE-2025-47808: A NULL-pointer dereference in the TMPlayer subtitle parser.
2. CVE-2025-47807: A NULL-pointer dereference in the SubRip subtitle parser.
3. CVE-2025-47806: A stack buffer overflow in the SubRip subtitle parser.
The vulnerabilities have been rated with CVSS scores of 5.1 and 5.5, indicating their moderate severity. The update is available for various product modules, including multiple architectures such as aarch64, ppc64le, s390x, and x86_64.
To install the update, users are advised to utilize SUSE's recommended installation methods, such as YaST online_update or the "zypper patch" command. Specific commands for different product versions are provided for users to follow.
In conclusion, keeping gstreamer-plugins-base packages updated is crucial for maintaining system security and performance. Users should regularly check for updates and apply them promptly to mitigate potential vulnerabilities. For more information on the specific vulnerabilities and the update process, references to the relevant CVEs and bug reports are available
Gstreamer-Plugins-Base updates for SUSE
Updated gstreamer-plugins-base packages have been released for openSUSE Leap 15.6 and SUSE Linux Enterprise 15 SP6/7:
SUSE-SU-2025:02302-1: moderate: Security update for gstreamer-plugins-base
