CVE-2024-47774
CVSS 3.1 Score 9.1 of 10 (high)
Details
Summary
CVE-2024-47774 is a vulnerability affecting the GStreamer library, which is used for constructing media-handling components. An out-of-bounds (OOB) read issue was discovered in the gst_avi_subtitle_parse_gab2_chunk function located in gstavisubtitle.c. The flaw occurs when the function directly reads the name_length value from the input file without proper validation. If name_length exceeds 0xFFFFFFFF - 17, the function experiences an integer overflow. Consequently, it tries to access memory beyond the buffer, resulting in an OOB-read. This vulnerability has been rectified in version 1.24.10.
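The arithmetic behind the summary, as an added example that is not GStreamer's code: a length check that adds the constant 17 to an untrusted 32-bit name_length wraps for values above 0xFFFFFFFF - 17 and accepts them, while a check rearranged to subtract from the known buffer size cannot wrap. The function names and the 64-byte buffer size are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define HDR_LEN 17u   /* the constant named in the summary */

/* Flawed pattern: the sum is computed in 32 bits, so it wraps to a small
 * number once name_length > 0xFFFFFFFF - 17 and the check passes.
 * Returns 1 when the check would accept the chunk. */
int check_wrapping(size_t size, uint32_t name_length)
{
    uint32_t needed = (uint32_t)HDR_LEN + name_length;  /* may wrap */
    return size >= needed;
}

/* Hardened pattern: never add to the untrusted value. First make sure the
 * fixed part fits, then compare name_length with what is left. */
int check_safe(size_t size, uint32_t name_length)
{
    if (size < HDR_LEN)
        return 0;
    return name_length <= size - HDR_LEN;
}

int main(void)
{
    /* Constructed sample lengths for a 64-byte buffer (assumed size). */
    const uint32_t samples[] = { 10u, 47u, 48u, 0xFFFFFFEEu, 0xFFFFFFEFu, 0xFFFFFFFFu };
    const size_t size = 64;

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("name_length=0x%08X wrapping=%d safe=%d\n",
               (unsigned)samples[i],
               check_wrapping(size, samples[i]),
               check_safe(size, samples[i]));
    return 0;
}
```

Any row where the wrapping check prints 1 and the safe check prints 0 is a length that would lead a parser to read past the end of the buffer.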
Affected Products
- GStreamer Project GStreamer
Affected Vendors
- GStreamer Project