CVE-2024-47615
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-47615 is a vulnerability affecting the GStreamer library, which is used for constructing graphs of media-handling components. An out-of-bounds (OOB) write issue was identified in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size read from the input file is not properly validated, allowing it to exceed the fixed size of the pad->vorbis_mode_sizes array (256 bytes). When this occurs, the for loop overwrites the entire pad structure with 0s and 1s, potentially overwriting up to 380 bytes of adjacent memory. This vulnerability can lead to arbitrary code execution or denial of service. The issue is resolved in version 1.24.10.
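The missing validation described in the summary, shown as an added example that is not GStreamer's code. It is a simplified C model in which `struct model_pad`, `parse_mode_sizes`, `parse_constructed` and the input layout (a two-byte count followed by one flag byte per mode) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MODE_SIZES_MAX 256  /* fixed array size given in the summary */

/* Hypothetical stand-in for the pad structure; not GStreamer's definition. */
struct model_pad {
    uint8_t  mode_sizes[MODE_SIZES_MAX];
    uint32_t adjacent_state;  /* stands for the fields located after the array */
};

/*
 * Constructed input layout (an assumption, not the Vorbis setup header):
 *   bytes 0..1  little-endian mode count ("size")
 *   bytes 2..   one byte per mode, low bit = flag (0 or 1)
 * Returns the number of modes stored, or -1 if the packet is rejected.
 */
int parse_mode_sizes(struct model_pad *pad, const uint8_t *pkt, size_t len)
{
    if (len < 2)
        return -1;
    size_t size = (size_t)pkt[0] | ((size_t)pkt[1] << 8);

    /* The check the summary says was missing: size comes from the file
     * and must not exceed the destination array. */
    if (size > MODE_SIZES_MAX)
        return -1;
    /* The packet must also really contain that many flag bytes. */
    if (len - 2 < size)
        return -1;

    for (size_t i = 0; i < size; i++)
        pad->mode_sizes[i] = pkt[2 + i] & 1;  /* the loop writes only 0s and 1s */
    return (int)size;
}

/* Builds a constructed packet announcing `count` modes and parses it. */
int parse_constructed(struct model_pad *pad, size_t count)
{
    uint8_t pkt[2 + 1024];
    if (count > 1024)
        return -1;
    memset(pkt, 0xFF, sizeof pkt);
    pkt[0] = (uint8_t)(count & 0xFF);
    pkt[1] = (uint8_t)((count >> 8) & 0xFF);
    return parse_mode_sizes(pad, pkt, 2 + count);
}
```

Without the `size > MODE_SIZES_MAX` test, the loop would keep writing past `mode_sizes` into whatever follows it in the structure, which is the behaviour the summary describes.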
Affected Products
- Gstreamer Project Gstreamer
Affected Vendors
- Gstreamer Project