GHSL-2024-117: GStreamer has an out-of-bounds write in Ogg demuxer
CVE-2024-47615

8.6HIGH

Key Information:

Vendor

Gstreamer

Status
Gstreamer
Vendor
CVE Published:
12 December 2024

What is CVE-2024-47615?

A security flaw exists in the GStreamer library, specifically within the function gst_parse_vorbis_setup_packet located in vorbis_parse.c. This vulnerability arises due to the improper validation of an integer size read from the input file. Consequently, the size can surpass the predefined limit of the pad->vorbis_mode_sizes array, which holds a maximum size of 256. This oversight allows the for loop to inadvertently overwrite the entire pad structure with binary values, thereby affecting adjacent memory locations. The potential for memory corruption extends up to 380 bytes beyond the boundaries of the pad structure, posing significant risk for systems utilizing GStreamer. The issue has been rectified in version 1.24.10.

Affected Version(s)

gstreamer < 1.24.10

References

https://securitylab.github.com/advisories/GHSL-2024-115_G...
x_refsource_CONFIRM
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merg...
x_refsource_MISC
https://gstreamer.freedesktop.org/security/sa-2024-0026.html
x_refsource_MISC

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

JSON
.