Amazon Linux 2023 Security Advisory: ALAS2023-2025-1185
Advisory Released Date: 2025-09-15
Advisory Updated Date: 2025-09-15
Severity:
Medium
Issue Overview:
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure. (CVE-2025-47183)
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure. (CVE-2025-47219)
Affected Packages:
gstreamer1-plugins-good
Issue Correction:
Run dnf update gstreamer1-plugins-good --releasever 2023.8.20250915 or dnf update --advisory ALAS2023-2025-1185 --releasever 2023.8.20250915 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
gstreamer1-plugins-good-gtk-debuginfo-1.24.10-1.amzn2023.0.3.aarch64
gstreamer1-plugins-good-gtk-1.24.10-1.amzn2023.0.3.aarch64
gstreamer1-plugins-good-debuginfo-1.24.10-1.amzn2023.0.3.aarch64
gstreamer1-plugins-good-1.24.10-1.amzn2023.0.3.aarch64
gstreamer1-plugins-good-debugsource-1.24.10-1.amzn2023.0.3.aarch64
src:
gstreamer1-plugins-good-1.24.10-1.amzn2023.0.3.src
x86_64:
gstreamer1-plugins-good-gtk-1.24.10-1.amzn2023.0.3.x86_64
gstreamer1-plugins-good-debuginfo-1.24.10-1.amzn2023.0.3.x86_64
gstreamer1-plugins-good-debugsource-1.24.10-1.amzn2023.0.3.x86_64
gstreamer1-plugins-good-gtk-debuginfo-1.24.10-1.amzn2023.0.3.x86_64
gstreamer1-plugins-good-1.24.10-1.amzn2023.0.3.x86_64