Out-of-Bounds Read Vulnerability in GStreamer Library by Freedesktop
CVE-2024-47778

5.1MEDIUM

Key Information:

Vendor

Gstreamer

Status
Gstreamer
Vendor
CVE Published:
12 December 2024

What is CVE-2024-47778?

The vulnerability in the GStreamer library specifically affects the gst_wavparse_adtl_chunk function found in gstwavparse.c. This flaw occurs due to inadequate size parameter validation, allowing an out-of-bounds (OOB) read that could compromise process memory integrity. Attackers can exploit this vulnerability to read sensitive data, with a risk of accessing up to 4GB of memory, potentially resulting in a segmentation fault (SEGV) if invalid memory locations are accessed. The issue has been addressed in version 1.24.10.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

gstreamer < 1.24.10

References

https://securitylab.github.com/advisories/GHSL-2024-258_G...
x_refsource_CONFIRM
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merg...
x_refsource_MISC
https://gstreamer.freedesktop.org/security/sa-2024-0027.html
x_refsource_MISC

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

JSON
.