Page 3 of 73 results (0.001 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch https://gstreamer.freedesktop.org/security/sa-2024-0014.html https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer https://access.redhat.com/security/cve/CVE-2024-47606 https://bugzilla.redhat.com/show_bug.cgi?id=2331760 • CWE-190: Integer Overflow or Wraparound •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_update_tracks function within matroska-demux.c. The vulnerability occurs when the gst_caps_is_equal function is called with invalid caps values. If this happen, then in the function gst_buffer_get_size the call to GST_BUFFER_MEM_PTR can return a null pointer. Attempting to dereference the size field of this null pointer results in a null pointer dereference. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch https://gstreamer.freedesktop.org/security/sa-2024-0021.html https://securitylab.github.com/advisories/GHSL-2024-251_Gstreamer • CWE-476: NULL Pointer Dereference •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->codec_priv pointer in the following code. If stream->codec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference a null pointer, leading to a crash of the application. This vulnerability is fixed in 1.24.10. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch https://gstreamer.freedesktop.org/security/sa-2024-0019.html https://securitylab.github.com/advisories/GHSL-2024-250_Gstreamer • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity of the GstBuffer *sub pointer before performing dereferences. As a result, null pointer dereferences may occur. This vulnerability is fixed in 1.24.10. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch https://gstreamer.freedesktop.org/security/sa-2024-0020.html https://securitylab.github.com/advisories/GHSL-2024-249_Gstreamer • CWE-476: NULL Pointer Dereference •

CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034.patch https://gstreamer.freedesktop.org/security/sa-2024-0018.html https://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer • CWE-125: Out-of-bounds Read •