CVE-2024-47834 – GHSL-2024-280: Gstreamer Use-After-Free read in Matroska CodecPrivate
https://notcve.org/view.php?id=CVE-2024-47834
GStreamer is a library for constructing graphs of media-handling components. A use-after-free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function, by the call to g_free (track->codec_priv). Finally, the freed memory is accessed in the caps_serialize function through gst_value_serialize_buffer.
• https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch
• https://gstreamer.freedesktop.org/security/sa-2024-0030.html
• https://securitylab.github.com/advisories/GHSL-2024-280_Gstreamer
• CWE-416: Use After Free
CVE-2024-47835 – GHSL-2024-263: Gstreamer NULL-pointer dereference in LRC subtitle parser
https://notcve.org/view.php?id=CVE-2024-47835
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer returned by this call is then passed to g_strdup(). However, if the string line does not contain the character ']', strchr() returns NULL, and a call to g_strdup(start + 1) leads to a null pointer dereference.
• https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8039.patch
• https://gstreamer.freedesktop.org/security/sa-2024-0029.html
• https://securitylab.github.com/advisories/GHSL-2024-263_Gstreamer
• CWE-476: NULL Pointer Dereference
CVE-2024-47778 – GHSL-2024-258: GStreamer has an OOB-read in gst_wavparse_adtl_chunk
https://notcve.org/view.php?id=CVE-2024-47778
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. As a result, an OOB read occurs in the following while loop. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory.
• https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch
• https://gstreamer.freedesktop.org/security/sa-2024-0027.html
• https://securitylab.github.com/advisories/GHSL-2024-258_Gstreamer
• CWE-125: Out-of-bounds Read
CVE-2024-47777 – GHSL-2024-259: GStreamer has an OOB-read in gst_wavparse_smpl_chunk
https://notcve.org/view.php?id=CVE-2024-47777
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is sufficient. If the buffer is too small, the function reads beyond its bounds. This vulnerability may result in reading 4 bytes out of the boundaries of the data buffer.
• https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch
• https://gstreamer.freedesktop.org/security/sa-2024-0027.html
• https://securitylab.github.com/advisories/GHSL-2024-259_Gstreamer
• CWE-125: Out-of-bounds Read
CVE-2024-47776 – GHSL-2024-260: GStreamer has an OOB-read in gst_wavparse_cue_chunk
https://notcve.org/view.php?id=CVE-2024-47776
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch causes the comparison if (size < 4 + ncues * 24) to fail in some cases, allowing the subsequent loop to access beyond the bounds of the data buffer. The root cause of this discrepancy stems from a miscalculation when clipping the chunk size based on upstream data size.
• https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch
• https://gstreamer.freedesktop.org/security/sa-2024-0027.html
• https://securitylab.github.com/advisories/GHSL-2024-260_Gstreamer
• CWE-125: Out-of-bounds Read