CVE-2024-47615

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 12, 2024
Updated: Dec 18, 2024
CWE ID 787

Summary

CVE-2024-47615 is a vulnerability affecting the GStreamer library, which is used for constructing graphs of media-handling components. An out-of-bounds (OOB) write issue was identified in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size read from the input file is not properly validated, allowing it to exceed the fixed size of the pad->vorbis_mode_sizes array (256 bytes). When this occurs, the for loop overwrites the entire pad structure with 0s and 1s, potentially overwriting up to 380 bytes of adjacent memory. This vulnerability can lead to arbitrary code execution or denial of service. The issue is resolved in version 1.24.10.
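
The bounds check the summary describes as missing, shown on a simplified model (an added example, not GStreamer's code or its actual patch). The struct layout, the input format and the names model_pad, model_parse_modes and model_try_count are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MODE_SIZES_LEN 256   /* fixed capacity of the destination array */

/* Simplified stand-in for the pad structure; not GStreamer's real layout. */
struct model_pad {
    uint8_t  vorbis_mode_sizes[MODE_SIZES_LEN];
    uint32_t adjacent_state;   /* what an unchecked loop would overwrite */
};

/* Constructed input format (assumption): 2-byte little-endian mode count,
 * then one byte per mode whose low bit is the flag (0 or 1).
 * Returns the number of modes stored, or -1 if the input is rejected. */
int model_parse_modes(struct model_pad *pad, const uint8_t *buf, size_t len)
{
    if (pad == NULL || buf == NULL || len < 2)
        return -1;

    size_t size = (size_t)buf[0] | ((size_t)buf[1] << 8);

    /* The count comes from the file, so bound it by the destination
     * array before the first write. */
    if (size > MODE_SIZES_LEN)
        return -1;
    /* Also bound it by the bytes actually present in the input. */
    if (size > len - 2)
        return -1;

    for (size_t i = 0; i < size; i++)
        pad->vorbis_mode_sizes[i] = buf[2 + i] & 1;
    return (int)size;
}

/* Builds a constructed packet declaring `count` modes and parses it. */
int model_try_count(size_t count, uint32_t *adjacent_after)
{
    static uint8_t buf[2 + 1024];
    struct model_pad pad;

    if (count > 1024)
        return -2;             /* larger than this helper's sample buffer */
    memset(&pad, 0, sizeof pad);
    pad.adjacent_state = 0xC0FFEEu;
    memset(buf, 1, sizeof buf);
    buf[0] = (uint8_t)(count & 0xff);
    buf[1] = (uint8_t)(count >> 8);
    int rc = model_parse_modes(&pad, buf, 2 + count);
    *adjacent_after = pad.adjacent_state;
    return rc;
}
```

A count of 256 fills the array exactly; 257 or more is rejected before any write, so the field placed after the array keeps its value.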

Affected Products

  • Gstreamer Project Gstreamer

Affected Vendors

  • Gstreamer Project