CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47545 – GHSL-2024-242: GStreamer has an integer underflow in FOURCC_strf parsing leading to OOB-read
https://notcve.org/view.php?id=CVE-2024-47545
11 Dec 2024 — GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happens, the subsequent call to gst_buffer_fill will invoke memcpy with a large tocopy size, resulting in an OOB-read. This vulnerability is fixed in 1.24.10. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47544 – GHSL-2024-238: GStreamer has NULL-pointer dereferences in MP4/MOV demuxer CENC handling
https://notcve.org/view.php?id=CVE-2024-47544
11 Dec 2024 — GStreamer is a library for constructing graphs of media-handling components. The function qtdemux_parse_sbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10. Antonio Morales discovered that GStreamer Good Plugins incorrectly handled certain malformed media files. An attacker could use these issues to cause GStreamer Good Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47543 – GHSL-2024-236: GStreamer has an OOB-read in qtdemux_parse_container
https://notcve.org/view.php?id=CVE-2024-47543
11 Dec 2024 — GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemux_parse_container function within qtdemux.c. In the parent function qtdemux_parse_node, the value of length is not well checked. So, if length is big enough, it causes the pointer end to point beyond the boundaries of buffer. Subsequently, in the qtdemux_parse_container function, the while loop can trigger an OOB-read, accessing memory beyond the bounds of buf. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47542 – GHSL-2024-235: GStreamer ID3v2 parser out-of-bounds read and NULL-pointer dereference
https://notcve.org/view.php?id=CVE-2024-47542
11 Dec 2024 — GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8033.patch • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47541 – GHSL-2024-228: GStreamer has an out-of-bounds write in SSA subtitle parser
https://notcve.org/view.php?id=CVE-2024-47541
11 Dec 2024 — GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are enclosed in curly brackets ({}). The issue arises when a closing curly bracket "}" appears before an opening curly bracket "{" in the input string. In this case, memmove() incorrectly duplicates a sub... • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8036.patch • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47540 – GHSL-2024-197: GStreamer uses uninitialized stack memory in Matroska/WebM demuxer
https://notcve.org/view.php?id=CVE-2024-47540
11 Dec 2024 — GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem->allocator->mem_unmap_full... • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch • CWE-457: Use of Uninitialized Variable •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47539 – GHSL-2024-195: GStreamer has an OOB-write in convert_to_s334_1a
https://notcve.org/view.php?id=CVE-2024-47539
11 Dec 2024 — GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 < ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop's expected bounds, resulting in an out-of-bounds write. This bug allows for the overw... • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47538 – GHSL-2024-115: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet
https://notcve.org/view.php?id=CVE-2024-47538
11 Dec 2024 — GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This vulnerability allows to overwrite the EIP address allocated in the stack. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8035.patch • CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47537 – GHSL-2024-094: GStreamer has an OOB-write in isomp4/qtdemux.c
https://notcve.org/view.php?id=CVE-2024-47537
11 Dec 2024 — GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-1924 – gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using lzo decompression
https://notcve.org/view.php?id=CVE-2022-1924
19 Jul 2022 — DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the... • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •