CVE-2024-47778
GHSL-2024-258: GStreamer has an OOB-read in gst_wavparse_adtl_chunk
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. As a result, an OOB read occurs in the following while loop. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.
A flaw was found in the GStreamer library. Various out-of-bounds reads in the WAV parser can cause crashes for certain input files, potentially allowing a malicious actor to trigger an application crash.
This update for gstreamer-plugins-good fixes the following issues. Fixed an uninitialized stack memory in Matroska/WebM demuxer. Fixed an out-of-bounds write in isomp4/qtdemux.c. Fixed an out-of-bounds write in convert_to_s334_1a. Fixed an out-of-bounds write in qtdemux_parse_container. Fixed a NULL-pointer dereferences in MP4/MOV demuxer CENC handling. Fixed an integer underflow in FOURCC_strf parsing leading to out-of-bounds read. Fixed an integer underflow in extract_cc_from_data leading to out-of-bounds read. Fixed an integer underflow in MP4/MOV demuxer that can lead to out-of-bounds reads. Fixed an out-of-bounds reads in MP4/MOV demuxer sample table parser. Fixed MP4/MOV sample table parser out-of-bounds read. Fixed insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences. Fixed a NULL-pointer dereference in Matroska/WebM demuxer. Fixed a NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer. Fixed a NULL-pointer dereference in Matroska/WebM demuxer. Avoid integer overflow when allocating sysmem. Fixed an integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes. Fixed a NULL-pointer dereference in gdk-pixbuf decoder. Fixed an integer overflow in AVI subtitle parser that leads to out-of-bounds reads. Fixed various out-of-bounds reads in WAV parser. Fixed various out-of-bounds reads in WAV parser. Fixed various out-of-bounds reads in WAV parser. Fixed various out-of-bounds reads in WAV parser. Fixed a use-after-free in the Matroska demuxer that can cause crashes for certain input files.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-09-30 CVE Reserved
- 2024-12-11 CVE Published
- 2024-12-12 CVE Updated
- 2025-07-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch | X_refsource_misc | |
| https://gstreamer.freedesktop.org/security/sa-2024-0027.html | X_refsource_misc | |
| https://securitylab.github.com/advisories/GHSL-2024-258_Gstreamer | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-47778 | 2025-05-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2331743 | 2025-05-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gstreamer Search vendor "Gstreamer" | Gstreamer Search vendor "Gstreamer" for product "Gstreamer" | < 1.24.10 Search vendor "Gstreamer" for product "Gstreamer" and version " < 1.24.10" | en |
Affected
| ||||||