CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47615 – GHSL-2024-117: GStreamer has an out-of-bounds write in Ogg demuxer
https://notcve.org/view.php?id=CVE-2024-47615
11 Dec 2024 — This vulnerability allows a malicious third party to trigger out-of-bounds writes that can result in the application's crash or possibly allow code execution through heap manipulation. Multiple multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038.patch • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47607 – GHSL-2024-116: Stack-buffer overflow in gst_opus_dec_parse_header
https://notcve.org/view.php?id=CVE-2024-47607
11 Dec 2024 — An attacker could use these issues to cause GStreamer Base Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037.patch • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47606 – GHSL-2024-166: GStreamer Integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes
https://notcve.org/view.php?id=CVE-2024-47606
11 Dec 2024 — This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. ... Antonio Morales reported an integer overflow vulnerability in the memory allocator in the Core GStreamer libraries, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is processed. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47603 – GHSL-2024-251: GStreamer NULL-pointer dereference in Matroska/WebM demuxer
https://notcve.org/view.php?id=CVE-2024-47603
11 Dec 2024 — Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47602 – GHSL-2024-250: Streamer NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer
https://notcve.org/view.php?id=CVE-2024-47602
11 Dec 2024 — This function does not properly check the validity of the stream->codec_priv pointer in the following code. ... An attacker could use these issues to cause GStreamer Good Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47601 – GHSL-2024-249: GStreamer has a NULL-pointer dereference in Matroska/WebM demuxer
https://notcve.org/view.php?id=CVE-2024-47601
11 Dec 2024 — Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47600 – GHSL-2024-248: GStreamer has an OOB-read in format_channel_mask
https://notcve.org/view.php?id=CVE-2024-47600
11 Dec 2024 — Multiple multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034.patch • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47599 – GHSL-2024-247: GStreamer Insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences
https://notcve.org/view.php?id=CVE-2024-47599
11 Dec 2024 — Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8040.patch • CWE-476: NULL Pointer Dereference •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47598 – GHSL-2024-246: GStreamer has an OOB-read in qtdemux_merge_sample_table
https://notcve.org/view.php?id=CVE-2024-47598
11 Dec 2024 — Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47597 – GHSL-2024-245: GStreamer has an OOB-read in qtdemux_parse_samples
https://notcve.org/view.php?id=CVE-2024-47597
11 Dec 2024 — The following code snippet shows the call to qt_atom_parser_get_offset_unchecked, which leads to the OOB-read when parsing the provided GHSL-2024-245_crash1.mp4 file. ... An attacker could use these issues to cause GStreamer Good Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch • CWE-125: Out-of-bounds Read •