Stack-based Buffer Overflow in gstvorbisdec Causes EIP Address Overwrite
CVE-2024-47538

8.6 HIGH

Key Information:

Vendor: GStreamer

Status
Vendor
CVE Published: 12 December 2024

What is CVE-2024-47538?

A vulnerability has been identified in the GStreamer media handling library, in the vorbis_handle_identification_packet function of gstvorbisdec.c. The function keeps a position array on the stack with a fixed size of 64 entries. If the number of channels (vd->vi.channels) exceeds 64, a loop writes beyond the bounds of this array and can overwrite critical data on the stack, including the saved EIP. The out-of-bounds write may also corrupt the GstAudioInfo structure. The issue is fixed in version 1.24.10.
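The missing bounds check described above, as an added example (not GStreamer's code): a simplified C model of the 64-entry position array, with the unchecked loop beside a version that rejects out-of-range channel counts. The type, function and struct names are hypothetical, and the sample channel counts are constructed.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_POSITIONS 64            /* stack array size given in the advisory */

typedef int channel_pos_t;          /* hypothetical stand-in for a position value */

/* Unchecked pattern: the loop bound is the channel count taken from the
 * stream header. If the caller's array holds 64 entries and channels > 64,
 * the writes continue into whatever follows the array. Not called below. */
void fill_positions_unchecked(int channels, channel_pos_t *position) {
    for (int i = 0; i < channels; i++)
        position[i] = i;
}

/* Hardened pattern: validate the untrusted count before the first write.
 * Returns 0 and fills out[0..channels-1], or -1 without touching out. */
int fill_positions_checked(int channels, channel_pos_t *out, size_t out_len) {
    if (channels <= 0 || channels > MAX_POSITIONS || (size_t)channels > out_len)
        return -1;
    for (int i = 0; i < channels; i++)
        out[i] = i;
    return 0;
}

/* Model of the stack frame: the array followed by a guard word that stands
 * in for adjacent data (saved registers, GstAudioInfo). Hypothetical layout. */
struct frame_model {
    channel_pos_t position[MAX_POSITIONS];
    unsigned guard;
};

/* Returns 0 if accepted, -1 if rejected, -2 if the guard was overwritten. */
int handle_identification(int channels) {
    struct frame_model f = { .guard = 0xC0FFEEu };
    int rc = fill_positions_checked(channels, f.position, MAX_POSITIONS);
    return f.guard == 0xC0FFEEu ? rc : -2;
}

int main(void) {
    int samples[] = { 2, 64, 65, 255 };   /* constructed channel counts */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("channels=%d -> %d\n", samples[i], handle_identification(samples[i]));
    return 0;
}
```

The check runs before the loop, so a rejected count leaves both the array and the data after it untouched.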

Affected Version(s)

gstreamer < 1.24.10

CVSS V4

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved