Out-of-Bounds Read Vulnerability in GStreamer Library
CVE-2024-47775

5.1MEDIUM

Key Information:

Vendor

Gstreamer

Status
Gstreamer
Vendor
CVE Published:
12 December 2024

What is CVE-2024-47775?

The GStreamer library, known for its ability to construct media-handling component graphs, has been identified with an out-of-bounds read vulnerability in the parse_ds64 function located within gstwavparse.c. This specific function lacks adequate checks to ensure that the data buffer, referred to as buf, contains sufficient data before executing multiple GST_READ_UINT32_LE operations. The absence of boundary checks opens the possibility for an out-of-bounds read when the buf size is smaller than anticipated. Consequently, this vulnerability may not only lead to a denial of service through potential application crashes but could also result in the unauthorized exfiltration of sensitive information. Users are advised to upgrade to GStreamer version 1.24.10, where this vulnerability has been addressed.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

gstreamer < 1.24.10

References

https://securitylab.github.com/advisories/GHSL-2024-261_G...
x_refsource_CONFIRM
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merg...
x_refsource_MISC
https://gstreamer.freedesktop.org/security/sa-2024-0027.html
x_refsource_MISC

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

JSON
.