Out-of-Bounds Read Vulnerability in GStreamer Library
CVE-2024-47777

5.1MEDIUM

Key Information:

Vendor

Gstreamer

Status
Gstreamer
Vendor
CVE Published:
12 December 2024

What is CVE-2024-47777?

An out-of-bounds read vulnerability has been identified in the GStreamer library, specifically within the gst_wavparse_smpl_chunk function of gstwavparse.c. This function attempts to read data from a buffer with an offset, potentially leading to memory leaks or unintended data exposure if the data buffer is inadequately sized. The vulnerability allows for the reading of 4 bytes outside the designated memory bounds, which could be exploited by attackers to access sensitive information or disrupt services. The issue has been addressed in version 1.24.10 and users are advised to update their installations to avoid the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

gstreamer < 1.24.10

References

https://securitylab.github.com/advisories/GHSL-2024-259_G...
x_refsource_CONFIRM
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merg...
x_refsource_MISC
https://gstreamer.freedesktop.org/security/sa-2024-0027.html
x_refsource_MISC

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

JSON
.