Out-of-Bounds Read Vulnerability in GStreamer Library
CVE-2024-47777

9.1CRITICAL

Key Information:

Vendor: Gstreamer Project
Status: Gstreamer
Vendor: CVE Published:; 12 December 2024

🔔 Create Gstreamer Project Vulnerability Alert

What is CVE-2024-47777?

An out-of-bounds read vulnerability has been identified in the GStreamer library, specifically within the gst_wavparse_smpl_chunk function of gstwavparse.c. This function attempts to read data from a buffer with an offset, potentially leading to memory leaks or unintended data exposure if the data buffer is inadequately sized. The vulnerability allows for the reading of 4 bytes outside the designated memory bounds, which could be exploited by attackers to access sensitive information or disrupt services. The issue has been addressed in version 1.24.10 and users are advised to update their installations to avoid the risks associated with this vulnerability.

References

https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merg...

https://gstreamer.freedesktop.org/security/sa-2024-0027.html

https://securitylab.github.com/advisories/GHSL-2024-259_G...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2024