CVE-2024-47539
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-47539 is a newly identified vulnerability affecting the GStreamer media library. The issue is an out-of-bounds write in the convert_to_s334_1a function in isomp4/qtdemux.c, caused by a discrepancy between the size of the memory allocated for the storage array and the function's loop condition. When the size, ccpair_size, is even, the allocated memory size does not match the loop's expected bounds, leading to an out-of-bounds write. Up to 3 bytes beyond the allocated bounds of the storage array can be overwritten. The vulnerability has been addressed in the latest version, 1.24.10.
Affected Products
- GStreamer Project GStreamer
Affected Vendors
- GStreamer Project