Out of Bounds Read in GStreamer Library Affecting Multiple Media Applications
CVE-2024-47598

9.1 CRITICAL

Key Information:

CVE Published: 12 December 2024

What is CVE-2024-47598?

An Out of Bounds (OOB) read vulnerability has been detected in the GStreamer library, specifically within the qtdemux_merge_sample_table function in qtdemux.c. This vulnerability arises due to inadequate validation of the stts buffer size before accessing stts_duration. As a result, the program may inadvertently read 4 bytes beyond the allocated memory limits of the stts array, potentially exposing sensitive information or causing undefined behavior in applications leveraging GStreamer. The issue has been addressed in version 1.24.10 of GStreamer.
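
The missing check described above, shown as an added example; this is not GStreamer's code or its patch. The helper name stts_read_entry, the struct and the sample bytes are assumptions, and the code assumes the ISO BMFF stts entry layout of a 4-byte sample count followed by a 4-byte sample duration.

```c
#include <stddef.h>
#include <stdint.h>

/* One stts entry per ISO BMFF: sample_count, then sample_delta (duration). */
struct stts_entry { uint32_t count; uint32_t duration; };

/* Read a big-endian 32-bit value; the caller guarantees 4 readable bytes. */
static uint32_t rd_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/*
 * Hypothetical helper (not a GStreamer function): read entry idx from the
 * stts entry table buf of len bytes. Returns 0 on success, -1 when the
 * whole 8-byte entry does not fit inside the buffer.
 */
int stts_read_entry(const uint8_t *buf, size_t len, uint32_t idx,
                    struct stts_entry *out) {
    const size_t entry_size = 8;
    /* Compare against len / 8 so idx * 8 can never overflow or overrun. */
    if (buf == NULL || out == NULL || idx >= len / entry_size)
        return -1;
    const uint8_t *p = buf + (size_t)idx * entry_size;
    out->count = rd_be32(p);
    out->duration = rd_be32(p + 4); /* the 4-byte field the advisory concerns */
    return 0;
}

/* Constructed sample: one full entry, then an entry cut off after its
 * sample_count, so its duration would lie 4 bytes past the buffer. */
static const uint8_t sample_stts[12] = {
    0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x03, 0xE8, /* count 3, duration 1000 */
    0x00, 0x00, 0x00, 0x05                          /* count 5, no duration */
};

int main(void) {
    struct stts_entry e;
    int ok = stts_read_entry(sample_stts, sizeof sample_stts, 0, &e) == 0 &&
             e.duration == 1000 &&
             stts_read_entry(sample_stts, sizeof sample_stts, 1, &e) == -1;
    return ok ? 0 : 1;
}
```
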

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published