CVE-2024-47537
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-47537 is a vulnerability in the GStreamer media library caused by an integer overflow in an allocation size calculation. The program adds the number of new samples to the current number of samples, and the new sample count is read from the input file. If the new sample count is large enough, the addition overflows and g_try_renew allocates significantly less memory than required. The program then writes samples_count samples into the allocated memory, which can result in an out-of-bounds write when the data exceeds the allocated size. The vulnerability is resolved in version 1.24.10.
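The size calculation described in the summary, shown beside a checked form, as an added example that is not GStreamer's code. The types `sample_t` and `track_t` and all function names are hypothetical, the count is assumed to be 32 bits wide, and `realloc` stands in for `g_try_renew`.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical sample record and track; not GStreamer's own types. */
typedef struct { uint64_t offset; uint32_t size; } sample_t;
typedef struct { sample_t *samples; uint32_t n_samples; } track_t;

/* Unchecked pattern from the summary: the 32-bit sum wraps modulo 2^32,
 * so the element count handed to the allocator is too small. */
uint32_t unchecked_new_count(uint32_t current, uint32_t from_file)
{
    return current + from_file;
}

/* Hardened form: refuse if the count or the byte size would wrap. */
bool checked_new_count(uint32_t cur, uint32_t add, uint32_t *total, size_t *bytes)
{
    if (add > UINT32_MAX - cur) return false;
    *total = cur + add;
    if ((size_t)*total > SIZE_MAX / sizeof(sample_t)) return false;
    *bytes = (size_t)*total * sizeof(sample_t);
    return true;
}

/* Grow the table by an untrusted count; on failure the track is unchanged. */
bool track_append(track_t *t, uint32_t from_file)
{
    uint32_t total;
    size_t bytes;
    if (from_file == 0) return true;
    if (!checked_new_count(t->n_samples, from_file, &total, &bytes)) return false;
    sample_t *grown = realloc(t->samples, bytes);
    if (grown == NULL) return false;
    for (uint32_t i = t->n_samples; i < total; i++)
        grown[i] = (sample_t){0};   /* writes stay inside the new block */
    t->samples = grown;
    t->n_samples = total;
    return true;
}

int main(void)
{
    track_t t = { NULL, 0 };
    bool ok = track_append(&t, 4u);            /* constructed benign count */
    bool bad = track_append(&t, 0xFFFFFFFEu);  /* constructed oversized count */
    unsigned wrapped = (unsigned)unchecked_new_count(16u, 0xFFFFFFF8u);
    printf("wrapped=%u ok=%d rejected=%d\n", wrapped, ok, !bad);
    free(t.samples);
    return 0;
}
```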
Affected Products
- GStreamer Project GStreamer
Affected Vendors
- GStreamer Project