CVE-2024-47597
CVSS 3.1 Score 9.1 of 10 (high)
Details
Summary
CVE-2024-47597 is a newly identified out-of-bounds (OOB) read vulnerability in the GStreamer library. The flaw is in the qtdemux_parse_samples function in qtdemux.c, which reads data beyond the boundaries of the stream->stco buffer. The read happens in a call to qt_atom_parser_get_offset_unchecked and is triggered when processing the malicious GHSL-2024-245_crash1.mp4 file. Up to 8 bytes can be read out of bounds. The issue is fixed in version 1.24.10.
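The class of bug described above, shown as an added example (not GStreamer's code and not its fix): an unchecked offset getter wrapped by a length check, so a chunk-offset table shorter than the requested entry is rejected instead of read past. All type and function names are hypothetical; the 4-byte and 8-byte entry widths are those of the MP4 stco and co64 tables, and the sample bytes are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical cursor over a chunk-offset table payload (not GStreamer's type). */
typedef struct { const uint8_t *data; size_t size, pos; } reader_t;

/* Unchecked getter: assumes the caller already proved off_size bytes remain. */
static uint64_t get_offset_unchecked(reader_t *r, unsigned off_size) {
    uint64_t v = 0;
    for (unsigned i = 0; i < off_size; i++)
        v = (v << 8) | r->data[r->pos + i];   /* big-endian, as in MP4 */
    r->pos += off_size;
    return v;
}

/* Checked getter: fails instead of reading past the end of the buffer. */
static bool get_offset_checked(reader_t *r, unsigned off_size, uint64_t *out) {
    if (r->pos > r->size || r->size - r->pos < off_size)
        return false;
    *out = get_offset_unchecked(r, off_size);
    return true;
}

/* Up-front check: does the declared entry count fit in the bytes we hold? */
bool table_fits(size_t len, unsigned off_size, uint32_t n_entries) {
    return (off_size == 4 || off_size == 8) && n_entries <= len / off_size;
}

/* Read entry `index`; returns false for a bad width or a short table. */
bool read_chunk_offset(const uint8_t *buf, size_t len, unsigned off_size,
                       size_t index, uint64_t *out) {
    if ((off_size != 4 && off_size != 8) || index > SIZE_MAX / off_size)
        return false;
    reader_t r = { buf, len, index * off_size };
    return get_offset_checked(&r, off_size, out);
}

/* Constructed sample: one 64-bit entry (0x1000); a second entry is absent. */
static const uint8_t SAMPLE[8] = { 0, 0, 0, 0, 0, 0, 0x10, 0x00 };

int main(void) {
    uint64_t v = 0;
    printf("entry 0 ok=%d\n", read_chunk_offset(SAMPLE, sizeof SAMPLE, 8, 0, &v));
    printf("value=%llu\n", (unsigned long long)v);
    printf("entry 1 ok=%d\n", read_chunk_offset(SAMPLE, sizeof SAMPLE, 8, 1, &v));
    return 0;
}
```

Requesting entry 1 with 8-byte entries would need bytes 8 to 15 of an 8-byte buffer, the full 8-byte over-read the summary mentions; the checked path returns false and leaves the output untouched.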
Affected Products
- Gstreamer Project Gstreamer
Affected Vendors
- Gstreamer Project