CVE-2024-47774

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Dec 12, 2024
Updated: Dec 18, 2024
CWE ID 125

Summary

CVE-2024-47774 is an out-of-bounds (OOB) read vulnerability in GStreamer, a library used for constructing media-handling components. The flaw is in the gst_avi_subtitle_parse_gab2_chunk function in gstavisubtitle.c, which reads the name_length value directly from the input file without proper validation. If name_length exceeds 0xFFFFFFFF - 17, an integer overflow occurs in the function, which then tries to access memory beyond the buffer, resulting in an OOB read. The vulnerability is fixed in version 1.24.10.
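The overflow condition described in the summary, as an added example that is not GStreamer's code: a simplified model of a length check that wraps beside an overflow-safe form. The function names, the 64-byte chunk size and the assumption that the check adds 17 to name_length in 32-bit arithmetic are illustrative; only the value 17 and the 0xFFFFFFFF - 17 threshold come from the summary.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fixed bytes around the name field; the value 17 is taken from the summary. */
#define GAB2_FIXED_BYTES 17u

/* Unsafe model (hypothetical name): the sum is computed in 32 bits,
 * so it wraps to a small value once name_length > 0xFFFFFFFF - 17. */
static int gab2_len_ok_unsafe(size_t chunk_size, uint32_t name_length)
{
    uint32_t needed = GAB2_FIXED_BYTES + name_length; /* may wrap */
    return chunk_size > needed;
}

/* Hardened model (hypothetical name): subtract from the trusted size
 * instead of adding to the untrusted length, so nothing can wrap. */
static int gab2_len_ok_safe(size_t chunk_size, uint32_t name_length)
{
    if (chunk_size <= GAB2_FIXED_BYTES)
        return 0;
    return name_length < chunk_size - GAB2_FIXED_BYTES;
}

int main(void)
{
    /* Constructed inputs: a 64-byte chunk with several declared lengths. */
    const uint32_t lengths[] = { 8u, 0xFFFFFFEEu, 0xFFFFFFEFu, 0xFFFFFFF0u };
    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++)
        printf("name_length=0x%08X unsafe=%d safe=%d\n", (unsigned)lengths[i],
               gab2_len_ok_unsafe(64, lengths[i]),
               gab2_len_ok_safe(64, lengths[i]));
    return 0;
}
```

The two checks agree for every length up to 0xFFFFFFFF - 17 and diverge only past it, where the unsafe form accepts a declared length far larger than the chunk.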


Affected Products

  • Gstreamer Project Gstreamer

Affected Vendors

  • Gstreamer Project