CVE-2024-47541

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 12, 2024
Updated: Dec 13, 2024
CWE ID 787

Summary

CVE-2024-47541 is a vulnerability affecting the GStreamer library's gstssaparse.c file. The issue lies in the gst_ssa_parse_remove_override_codes function, which handles SSA (SubStation Alpha) style override codes. The problem is triggered when a closing curly bracket "}" appears before an opening curly bracket "{". In such cases, memmove() incorrectly copies a substring, resulting in an out-of-bounds write. With each loop iteration, the size passed to memmove() increases, potentially writing beyond the allocated memory. This vulnerability is fixed in the 1.24.10 release.
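One way to avoid the bracket-ordering condition described above, shown as an added stand-alone C example that is not GStreamer's code. The names strip_override_codes and strip_copy and the sample strings are constructed for illustration; the assumption is that the closing bracket is searched for starting at the opening bracket rather than at the start of the text.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not GStreamer's function: strips "{...}" override
 * blocks from txt in place and returns how many blocks were removed. */
static int strip_override_codes(char *txt)
{
    int removed = 0;
    char *open = txt;

    while ((open = strchr(open, '{')) != NULL) {
        /* Look for the closer starting at the opener, never at the start
         * of the text: a stray '}' earlier in the line must not be paired
         * with this '{'. This guarantees close > open. */
        char *close = strchr(open, '}');
        if (close == NULL)
            break;              /* unterminated block: leave the rest as is */

        /* The source (close + 1) always lies past the destination (open),
         * so the tail only shifts left and the string can only shrink.
         * The +1 moves the terminating NUL as well. */
        memmove(open, close + 1, strlen(close + 1) + 1);
        removed++;
    }
    return removed;
}

/* Runs the helper on a private copy of in; returns -1 if out is too small. */
static int strip_copy(const char *in, char *out, size_t outlen)
{
    if (strlen(in) + 1 > outlen)
        return -1;
    memcpy(out, in, strlen(in) + 1);
    return strip_override_codes(out);
}

int main(void)
{
    /* Constructed sample lines, including the '}' before '{' ordering. */
    const char *samples[] = { "{\\b1}Bold{\\b0} text", "} stray {",
                              "a } b {\\i1}c", "open {only" };
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = strip_copy(samples[i], buf, sizeof buf);
        printf("%-22s -> \"%s\" (%d removed)\n", samples[i], buf, n);
    }
    return 0;
}
```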

Affected Products

  • Gstreamer Project Gstreamer

Affected Vendors

  • Gstreamer Project