CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47834 – GHSL-2024-280: Gstreamer Use-After-Free read in Matroska CodecPrivate
https://notcve.org/view.php?id=CVE-2024-47834
11 Dec 2024 — GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function, by the call to g_free (track->codec_priv). Finally, the freed memory is accessed ... • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47835 – GHSL-2024-263: Gstreamer NULL-pointer dereference in LRC subtitle parser
https://notcve.org/view.php?id=CVE-2024-47835
11 Dec 2024 — GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer returned by this call is then passed to g_strdup(). However, if the string line does not contain the character ']', strchr() returns NULL, and a call to g_strdup(start + 1) leads to a null pointer dereference. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8039.patch • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47778 – GHSL-2024-258: GStreamer has an OOB-read in gst_wavparse_adtl_chunk
https://notcve.org/view.php?id=CVE-2024-47778
11 Dec 2024 — GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. As a result, an OOB read occurs in the following while loop. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47777 – GHSL-2024-259: GStreamer has an OOB-read in gst_wavparse_smpl_chunk
https://notcve.org/view.php?id=CVE-2024-47777
11 Dec 2024 — GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is sufficient. If the buffer is too small, the function reads beyond its bounds. This vulnerability may result in reading 4 bytes out of the boundaries of the data buffer. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47776 – GHSL-2024-260: GStreamer has a OOB-read in gst_wavparse_cue_chunk
https://notcve.org/view.php?id=CVE-2024-47776
11 Dec 2024 — GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch causes the comparison if (size < 4 + ncues * 24) to fail in some cases, allowing the subsequent loop to access beyond the bounds of the data buffer. The root cause of this discrepancy stems from a miscalculation w... • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47775 – GHSL-2024-261: GStreamer has an OOB-read in parse_ds64
https://notcve.org/view.php?id=CVE-2024-47775
11 Dec 2024 — GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multiple GST_READ_UINT32_LE operations without performing boundary checks. This can lead to an OOB-read when buf is smaller than expected. This vulnerability allows reading beyond the bounds of the data buffer, potential... • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47774 – GHSL-2024-262: GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk
https://notcve.org/view.php?id=CVE-2024-47774
11 Dec 2024 — GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. Then, the a condition, does not properly handle cases where name_length is greater than 0xFFFFFFFF - 17, causing an integer overflow. In such scenario, the function attempts to access memory beyond the buffer leadi... • https://github.com/github/securitylab-vulnerabilities/issues/1826 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47613 – GHSL-2024-118: GStreamer has a null pointer dereference in gst_gdk_pixbuf_dec_flush
https://notcve.org/view.php?id=CVE-2024-47613
11 Dec 2024 — GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47615 – GHSL-2024-117: GStreamer has an out-of-bounds write in Ogg demuxer
https://notcve.org/view.php?id=CVE-2024-47615
11 Dec 2024 — GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038.patch • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47607 – GHSL-2024-116: Stack-buffer overflow in gst_opus_dec_parse_header
https://notcve.org/view.php?id=CVE-2024-47607
11 Dec 2024 — GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows to overwrite the EIP address allocated in the stack. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037.patch • CWE-121: Stack-based Buffer Overflow •