Amazon Linux 2023 Security Advisory: ALAS2023-2025-1184
Advisory Released Date: 2025-09-15
Advisory Updated Date: 2025-09-15
Severity:
Medium
References:
CVE-2025-47806
CVE-2025-47807
CVE-2025-47808
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash. (CVE-2025-47806)
In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash. (CVE-2025-47807)
In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line function may dereference a NULL pointer while parsing a subtitle file, leading to a crash. (CVE-2025-47808)
Affected Packages:
gstreamer1-plugins-base
Issue Correction:
Run dnf update gstreamer1-plugins-base --releasever 2023.8.20250915 or dnf update --advisory ALAS2023-2025-1184 --releasever 2023.8.20250915 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
gstreamer1-plugins-base-tools-debuginfo-1.24.10-1.amzn2023.0.2.aarch64
gstreamer1-plugins-base-tools-1.24.10-1.amzn2023.0.2.aarch64
gstreamer1-plugins-base-debuginfo-1.24.10-1.amzn2023.0.2.aarch64
gstreamer1-plugins-base-debugsource-1.24.10-1.amzn2023.0.2.aarch64
gstreamer1-plugins-base-devel-1.24.10-1.amzn2023.0.2.aarch64
gstreamer1-plugins-base-1.24.10-1.amzn2023.0.2.aarch64
src:
gstreamer1-plugins-base-1.24.10-1.amzn2023.0.2.src
x86_64:
gstreamer1-plugins-base-tools-debuginfo-1.24.10-1.amzn2023.0.2.x86_64
gstreamer1-plugins-base-tools-1.24.10-1.amzn2023.0.2.x86_64
gstreamer1-plugins-base-debuginfo-1.24.10-1.amzn2023.0.2.x86_64
gstreamer1-plugins-base-devel-1.24.10-1.amzn2023.0.2.x86_64
gstreamer1-plugins-base-debugsource-1.24.10-1.amzn2023.0.2.x86_64
gstreamer1-plugins-base-1.24.10-1.amzn2023.0.2.x86_64