Bug 33259 - gstreamer1.0-plugins-base new security issue CVE-2024-4453
Summary: gstreamer1.0-plugins-base new security issue CVE-2024-4453
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK MGA9-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2024-05-31 15:36 CEST by Nicolas Salguero
Modified: 2024-06-08 18:34 CEST

See Also:
Source RPM: gstreamer1.0-plugins-base-1.22.11-1.mga9.src.rpm
CVE: CVE-2024-4453
Status comment:



Description Nicolas Salguero 2024-05-31 15:36:01 CEST
Debian has issued an advisory on May 30:
https://lwn.net/Articles/976177/

The problem is fixed in 1.24.3.

Mageia 9 is also affected.
Nicolas Salguero 2024-05-31 15:36:42 CEST

CVE: (none) => CVE-2024-4453
Status comment: (none) => Fixed upstream in 1.24.3 and patch available from Debian
Source RPM: (none) => gstreamer1.0-plugins-base-1.24.1-1.mga10.src.rpm
Whiteboard: (none) => MGA9TOO

Comment 1 Lewis Smith 2024-06-01 20:57:37 CEST
The Debian advisory page talks of v1.14.4-2; never mind. But I could find no link to any patch.
However, starting from the GStreamer project page, then:
 https://gstreamer.freedesktop.org/news/
"GStreamer 1.24.3 stable bug fix release
 Highlighted bugfixes:
    EXIF image tag parsing security fixes"
->
 https://gstreamer.freedesktop.org/security/sa-2024-0002.html
"Security Advisory 2024-0002 (ZDI-CAN-23896, CVE-2024-4453)
Heap-based buffer overflow in the EXIF image tag parser when handling certain malformed streams before GStreamer 1.24.3 or 1.22.12."
->
 https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/6766.patch
gives the actual patch!

Assigning this globally.

Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2024-06-06 12:10:26 CEST
Suggested advisory:
========================

The updated packages fix a security vulnerability:

GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. (CVE-2024-4453)

References:
https://lwn.net/Articles/976177/
https://gstreamer.freedesktop.org/security/sa-2024-0002.html
========================

Updated packages in core/updates_testing:
========================
gstreamer1.0-cdparanoia-1.22.11-1.1.mga9
gstreamer1.0-libvisual-1.22.11-1.1.mga9
gstreamer1.0-plugins-base-1.22.11-1.1.mga9
lib(64)gstgl-gir1.0-1.22.11-1.1.mga9
lib(64)gstgl1.0_0-1.22.11-1.1.mga9
lib(64)gstreamer-plugins-base-gir1.0-1.22.11-1.1.mga9
lib(64)gstreamer-plugins-base1.0_0-1.22.11-1.1.mga9
lib(64)gstreamer-plugins-base1.0-devel-1.22.11-1.1.mga9

from SRPM:
gstreamer1.0-plugins-base-1.22.11-1.1.mga9.src.rpm

Status comment: Fixed upstream in 1.24.3 and patch available from Debian => (none)
Version: Cauldron => 9
Assignee: pkg-bugs => qa-bugs
Status: NEW => ASSIGNED
Source RPM: gstreamer1.0-plugins-base-1.24.1-1.mga10.src.rpm => gstreamer1.0-plugins-base-1.22.11-1.mga9.src.rpm
Whiteboard: MGA9TOO => (none)
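
The advisory text in comment 2 describes an integer overflow in a size calculation ahead of a buffer allocation. The following is an added illustration of that bug class and its check, not GStreamer's code and not the upstream patch; the function names are hypothetical, the type widths are those of the TIFF/EXIF field types, and the sample values are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Byte width of each TIFF/EXIF field type; index is the type code 1..12. */
static const uint32_t type_width[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};

/* Unchecked 32-bit size, kept only to show the wrap-around (hypothetical helper). */
uint32_t naive_size32(uint32_t count, uint16_t type)
{
    if (type == 0 || type > 12)
        return 0;
    return count * type_width[type];            /* wraps modulo 2^32 */
}

/* Checked size for one entry (hypothetical helper).
 * Returns 0 and sets *out on success; -1 on an unknown type, or when the
 * declared data does not fit in the bytes remaining after `offset`. */
int checked_entry_size(uint32_t count, uint16_t type, uint32_t offset,
                       size_t buf_len, size_t *out)
{
    if (type == 0 || type > 12)
        return -1;
    /* 64-bit product: at most 2^32 * 8, so it cannot overflow. */
    uint64_t need = (uint64_t)count * type_width[type];
    if (offset > buf_len)
        return -1;
    if (need > buf_len - offset)                /* subtraction is safe here */
        return -1;
    *out = (size_t)need;
    return 0;
}

int main(void)
{
    size_t n = 0;
    /* Constructed entry: count 0x40000001 of type 4 (LONG, 4 bytes each). */
    printf("naive 32-bit size: %u\n", (unsigned)naive_size32(0x40000001u, 4));
    printf("checked result:    %d\n",
           checked_entry_size(0x40000001u, 4, 8, 4096, &n));
    /* Constructed well-formed entry: 4 SHORT values inside a 4096-byte blob. */
    if (checked_entry_size(4, 3, 8, 4096, &n) == 0)
        printf("valid entry size:  %zu\n", n);
    return 0;
}
```

The unchecked product wraps to a small value that would pass a later allocation, while the checked version rejects the entry because the declared data cannot fit in the input.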

katnatek 2024-06-06 19:52:11 CEST

Keywords: (none) => advisory

Comment 3 Ben McMonagle 2024-06-07 01:22:09 CEST
To satisfy dependencies, the following packages are going to be installed:
  Package                        Version      Release       Arch    
(medium "QA Testing (64-bit)")
  gstreamer1.0-cdparanoia        1.22.11      1.1.mga9      x86_64  
  gstreamer1.0-libvisual         1.22.11      1.1.mga9      x86_64  
  gstreamer1.0-plugins-base      1.22.11      1.1.mga9      x86_64  
  lib64gstgl-gir1.0              1.22.11      1.1.mga9      x86_64  
  lib64gstgl1.0_0                1.22.11      1.1.mga9      x86_64  
  lib64gstreamer-plugins-base-g> 1.22.11      1.1.mga9      x86_64  
  lib64gstreamer-plugins-base1.> 1.22.11      1.1.mga9      x86_64  
(medium "Core Updates (distrib48)")
  lib64xml2_2                    2.10.4       1.4.mga9      x86_64  
  libxml2-python3                2.10.4       1.4.mga9      x86_64  
  libxml2-utils                  2.10.4       1.4.mga9      x86_64  
(medium "Core 32bit Updates (distrib77)")
  libxml2_2                      2.10.4       1.4.mga9      i586    
84B of additional disk space will be used.
3.7MB of packages will be retrieved.
Proceed with the installation of the 11 packages? (Y/n) y

updated without issue.

played back a .mp4 file without issue
played back a .mp3 file without issue

CC: (none) => westel

Comment 4 Herman Viaene 2024-06-07 11:15:39 CEST
MGA9-64 Plasma Wayland on HP-Pavilion
No installation issues.
Played wav and avi files under strace with parole and found gstreamer libs opened in trace file,
$ strace -o ~/Documents/gstream.txr parole 12demandeel1.avi 
$ cd ../Music/Anglo-Saxon\ Easter/
$ strace -o ~/Documents/gstream.txt parole 06-Alleluia.wav 
So OK for me, taking Ben's testing into account.

Whiteboard: (none) => MGA9-64-OK
CC: (none) => herman.viaene

Comment 5 katnatek 2024-06-07 14:56:50 CEST
RH mageia 9 i586

 LC_ALL=C urpmi --auto --auto-update 
medium "QA Testing (32-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date


installing gstreamer1.0-plugins-base-1.22.11-1.1.mga9.i586.rpm gstreamer1.0-cdparanoia-1.22.11-1.1.mga9.i586.rpm libgstgl1.0_0-1.22.11-1.1.mga9.i586.rpm libgstreamer-plugins-base1.0_0-1.22.11-1.1.mga9.i586.rpm from //home/katnatek/qa-testing/i586
Preparing...                     ################################################################
      1/4: libgstreamer-plugins-base1.0_0
                                 ################################################################
      2/4: libgstgl1.0_0         ################################################################
      3/4: gstreamer1.0-plugins-base
                                 ################################################################
      4/4: gstreamer1.0-cdparanoia
                                 ################################################################
      1/4: removing gstreamer1.0-cdparanoia-1.22.11-1.mga9.i586
                                 ################################################################
      2/4: removing gstreamer1.0-plugins-base-1.22.11-1.mga9.i586
                                 ################################################################
      3/4: removing libgstgl1.0_0-1.22.11-1.mga9.i586
                                 ################################################################
      4/4: removing libgstreamer-plugins-base1.0_0-1.22.11-1.mga9.i586
                                 ################################################################

Played audio and video files with gst-play-1.0 without issues
Tested strawberry, a gstreamer-based music player, without issues
Comment 6 Thomas Andrews 2024-06-07 15:34:51 CEST
Adding the i586 OK, and validating.

Keywords: (none) => validated_update
Whiteboard: MGA9-64-OK => MGA9-64-OK MGA9-32-OK
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 7 Dan Fandrich 2024-06-07 19:12:46 CEST
The adv file is missing the package(s).

CC: (none) => dan

Comment 8 katnatek 2024-06-07 20:44:36 CEST
(In reply to Dan Fandrich from comment #7)
> The adv file is missing the package(s).

Fixed
Comment 9 Tony Blackwell 2024-06-07 22:23:30 CEST
playing back .mp4 files uneventfully

CC: (none) => tablackwell

Comment 10 Mageia Robot 2024-06-08 18:34:55 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0215.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

