CVE-2024-47606 – GHSL-2024-166: GStreamer Integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes
https://notcve.org/view.php?id=CVE-2024-47606
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch https://gstreamer.freedesktop.org/security/sa-2024-0014.html https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer https://access.redhat.com/security/cve/CVE-2024-47606 https://bugzilla.redhat.com/show_bug.cgi?id=2331760 • CWE-190: Integer Overflow or Wraparound •
CVE-2024-47603 – GHSL-2024-251: GStreamer NULL-pointer dereference in Matroska/WebM demuxer
https://notcve.org/view.php?id=CVE-2024-47603
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_update_tracks function within matroska-demux.c. The vulnerability occurs when the gst_caps_is_equal function is called with invalid caps values. If this happen, then in the function gst_buffer_get_size the call to GST_BUFFER_MEM_PTR can return a null pointer. Attempting to dereference the size field of this null pointer results in a null pointer dereference. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch https://gstreamer.freedesktop.org/security/sa-2024-0021.html https://securitylab.github.com/advisories/GHSL-2024-251_Gstreamer • CWE-476: NULL Pointer Dereference •
CVE-2024-47602 – GHSL-2024-250: Streamer NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer
https://notcve.org/view.php?id=CVE-2024-47602
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->codec_priv pointer in the following code. If stream->codec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference a null pointer, leading to a crash of the application. This vulnerability is fixed in 1.24.10. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch https://gstreamer.freedesktop.org/security/sa-2024-0019.html https://securitylab.github.com/advisories/GHSL-2024-250_Gstreamer • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVE-2024-47601 – GHSL-2024-249: GStreamer has a NULL-pointer dereference in Matroska/WebM demuxer
https://notcve.org/view.php?id=CVE-2024-47601
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity of the GstBuffer *sub pointer before performing dereferences. As a result, null pointer dereferences may occur. This vulnerability is fixed in 1.24.10. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch https://gstreamer.freedesktop.org/security/sa-2024-0020.html https://securitylab.github.com/advisories/GHSL-2024-249_Gstreamer • CWE-476: NULL Pointer Dereference •
CVE-2024-47600 – GHSL-2024-248: GStreamer has an OOB-read in format_channel_mask
https://notcve.org/view.php?id=CVE-2024-47600
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034.patch https://gstreamer.freedesktop.org/security/sa-2024-0018.html https://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer • CWE-125: Out-of-bounds Read •