CVE-2024-47541
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-47541 is a vulnerability in the gstssaparse.c file of the GStreamer library. The flaw is in the gst_ssa_parse_remove_override_codes function, which handles SSA (SubStation Alpha) style override codes. It is triggered when a closing curly bracket "}" appears before an opening curly bracket "{". In that case, memmove() incorrectly copies a substring, resulting in an out-of-bounds write. With each loop iteration, the size passed to memmove() increases, potentially writing beyond the allocated memory. This vulnerability is fixed in the 1.24.10 release.
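The bracket-ordering condition described above, as an added example: a simplified model written for this page, not GStreamer's source. The function names unchecked_overrun and strip_override_codes and the sample strings are assumptions. The first function only computes how far an unanchored move would run past the terminator; the second is a hardened form that searches for "}" starting at the "{" it found.

```c
#include <stddef.h>
#include <string.h>

/* Bytes the first unanchored move would write past the string's terminator.
 * Models the flawed pattern from the summary: '}' is searched from the start
 * of the text instead of from the '{' that was just found. No write happens. */
size_t unchecked_overrun(const char *txt)
{
    const char *open = strchr(txt, '{');
    const char *close = strchr(txt, '}');    /* flawed: not anchored at open */
    if (open == NULL || close == NULL || close > open)
        return 0;                            /* well-ordered pair: text shrinks */
    /* memmove(open, close + 1, strlen(close + 1) + 1) would shift the tail
     * forward by this many bytes, and the '{' moves with it, so the loop
     * repeats with a longer string each time. */
    return (size_t)(open - (close + 1));
}

/* Hardened form: the closing brace is searched from the opening brace, so the
 * source of the move always lies after the destination and the text can only
 * get shorter. Returns 1 if any override code was removed. */
int strip_override_codes(char *txt)
{
    int removed = 0;
    char *open;
    while ((open = strchr(txt, '{')) != NULL) {
        char *close = strchr(open, '}');     /* anchored search */
        if (close == NULL)
            break;                           /* unterminated code: leave text */
        memmove(open, close + 1, strlen(close + 1) + 1); /* copies the NUL too */
        removed = 1;
    }
    return removed;
}

int main(void)
{
    char ok[] = "{\\i1}Hello{\\i0} world";   /* constructed sample */
    char bad[] = "a}bc{\\b1}d";              /* constructed: '}' precedes '{' */
    size_t before = strlen(bad);
    strip_override_codes(ok);
    strip_override_codes(bad);
    return !(strcmp(ok, "Hello world") == 0 && strlen(bad) <= before);
}
```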
Affected Products
- Gstreamer Project Gstreamer
Affected Vendors
- Gstreamer Project