CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47596 – GHSL-2024-244: GStreamer has an OOB-read in FOURCC_SMI_ parsing
https://notcve.org/view.php?id=CVE-2024-47596
11 Dec 2024 — Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47546 – GHSL-2024-243: GStreamer has an integer underflow in extract_cc_from_data leading to OOB-read
https://notcve.org/view.php?id=CVE-2024-47546
11 Dec 2024 — Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47545 – GHSL-2024-242: GStreamer has an integer underflow in FOURCC_strf parsing leading to OOB-read
https://notcve.org/view.php?id=CVE-2024-47545
11 Dec 2024 — Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47544 – GHSL-2024-238: GStreamer has NULL-pointer dereferences in MP4/MOV demuxer CENC handling
https://notcve.org/view.php?id=CVE-2024-47544
11 Dec 2024 — An attacker could use these issues to cause GStreamer Good Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47543 – GHSL-2024-236: GStreamer has an OOB-read in qtdemux_parse_container
https://notcve.org/view.php?id=CVE-2024-47543
11 Dec 2024 — Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47541 – GHSL-2024-228: GStreamer has an out-of-bounds write in SSA subtitle parser
https://notcve.org/view.php?id=CVE-2024-47541
11 Dec 2024 — Multiple multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8036.patch • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47540 – GHSL-2024-197: GStreamer uses uninitialized stack memory in Matroska/WebM demuxer
https://notcve.org/view.php?id=CVE-2024-47540
11 Dec 2024 — This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. ... Processing a specially crafted input file can cause the usage of uninitialized stack memory, allowing calls to uninitialized function pointers, potentially resulting in code execution or an application crash. Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service... • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch • CWE-457: Use of Uninitialized Variable •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47539 – GHSL-2024-195: GStreamer has an OOB-write in convert_to_s334_1a
https://notcve.org/view.php?id=CVE-2024-47539
11 Dec 2024 — This vulnerability allows a malicious third party to trigger a crash of the application and perform code execution through heap manipulation. Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch • CWE-787: Out-of-bounds Write •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 2CVE-2024-42448
https://notcve.org/view.php?id=CVE-2024-42448
11 Dec 2024 — From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. • https://github.com/h3lye/CVE-2024-42448-RCE • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12382 – Debian Security Advisory 5829-1
https://notcve.org/view.php?id=CVE-2024-12382
11 Dec 2024 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_10.html • CWE-416: Use After Free •