CVE-2024-47537

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 12, 2024
Updated: Dec 19, 2024
CWE ID 190
CWE ID 787

Summary

CVE-2024-47537 is a vulnerability affecting the GStreamer media library. The issue arises from an integer overflow during memory allocation. The program adds the number of new samples to the current number of samples, but the new sample count is read from an input file. If the new sample count is large enough, the addition overflows, and g_try_renew allocates significantly less memory than required. The program then writes samples_count samples to the allocated memory, which can result in an out-of-bounds write when the allocation is too small. This vulnerability is resolved in version 1.24.10.
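The arithmetic described in the summary, as an added example that is not GStreamer's code: it shows the wrapped element count next to a growth routine that rejects it. The 32-bit counters and every name used (sample_t, sample_table_t, unchecked_total, checked_total, table_append) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record and table types for illustration; not GStreamer's. */
typedef struct { uint64_t offset; uint32_t size; uint32_t duration; } sample_t;
typedef struct { sample_t *samples; uint32_t n_samples; } sample_table_t;

/* Flawed pattern: the 32-bit sum wraps modulo 2^32 when samples_count is
 * taken from the file, so the allocator is asked for too few elements. */
uint32_t unchecked_total(uint32_t n_samples, uint32_t samples_count)
{
    return n_samples + samples_count;
}

/* Hardened total: 0 on success with the sum in *total, -1 when the sum or
 * the byte size (total * sizeof(sample_t)) cannot be represented. */
int checked_total(uint32_t n_samples, uint32_t samples_count, uint32_t *total)
{
    if (samples_count > UINT32_MAX - n_samples)
        return -1;                               /* addition would wrap */
    if ((uint64_t)n_samples + samples_count > SIZE_MAX / sizeof(sample_t))
        return -1;                               /* byte size would wrap */
    *total = n_samples + samples_count;
    return 0;
}

/* Append samples_count records from src; the table is unchanged on failure. */
int table_append(sample_table_t *t, const sample_t *src, uint32_t samples_count)
{
    uint32_t total;
    if (samples_count == 0) return 0;
    if (checked_total(t->n_samples, samples_count, &total) != 0) return -1;
    sample_t *grown = realloc(t->samples, (size_t)total * sizeof(sample_t));
    if (grown == NULL) return -1;
    memcpy(grown + t->n_samples, src, (size_t)samples_count * sizeof(sample_t));
    t->samples = grown;
    t->n_samples = total;
    return 0;
}

int main(void)
{
    /* Constructed values: 16 existing samples, count 0xFFFFFFF8 from a file. */
    printf("wrapped total: %u\n", (unsigned)unchecked_total(16u, 0xFFFFFFF8u));
    return 0;
}
```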

Affected Products

  • Gstreamer Project Gstreamer

Affected Vendors

  • Gstreamer Project