CVE-2024-47776
CVSS 3.1 Score 9.1 of 10 (high)
Details
Summary
CVE-2024-47776 is a vulnerability affecting the GStreamer library, which is used for constructing graphs of media-handling components. An out-of-bounds (OOB) read was discovered in the function gst_wavparse_cue_chunk within gstwavparse.c. The root cause is a discrepancy between the size of the data buffer and the size value provided to the function. Because of a miscalculation when clipping the chunk size based on the upstream data size, the comparison if (size < 4 + ncues * 24) can fail in some cases. This allows an attacker to read beyond the bounds of the data buffer, potentially resulting in a crash (denial of service) or the leak of sensitive data. The issue has been addressed in GStreamer version 1.24.10.
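The size discrepancy described above, as an added C example that is not GStreamer's code and not part of the original page: a check that trusts only the declared chunk size, next to one that clamps it to the bytes the buffer really holds. The function names and sample buffers are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define CUE_HEADER_LEN 4u   /* 32-bit little-endian cue count */
#define CUE_ENTRY_LEN  24u  /* bytes per cue entry, from the quoted check */

/* Constructed samples: 28 bytes each (count header + one 24-byte entry). */
static const uint8_t sample_truncated[28] = { 2, 0, 0, 0 }; /* claims 2 cues */
static const uint8_t sample_ok[28]        = { 1, 0, 0, 0 }; /* claims 1 cue  */

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Flawed pattern: compares only against the size the caller passed in.
 * Returns 1 (accept) even when that size exceeds the real buffer. */
static int accept_by_declared_size(uint32_t ncues, uint32_t declared_size)
{
    return !(declared_size < CUE_HEADER_LEN + ncues * CUE_ENTRY_LEN);
}

/* Hardened pattern: clamp the declared size to the bytes actually held,
 * then bound ncues by division so ncues * 24 cannot wrap.
 * Returns the cue count that is safe to read, or -1 to reject. */
static int64_t safe_cue_count(const uint8_t *buf, size_t buf_len,
                              uint32_t declared_size)
{
    size_t avail = declared_size < buf_len ? declared_size : buf_len;
    if (buf == NULL || avail < CUE_HEADER_LEN)
        return -1;
    uint32_t ncues = read_le32(buf);
    if (ncues > (avail - CUE_HEADER_LEN) / CUE_ENTRY_LEN)
        return -1;
    return (int64_t)ncues;
}

int main(void)
{
    /* Declared size 52 covers two entries; the buffer holds only one. */
    printf("declared-size check accepts: %d\n", accept_by_declared_size(2, 52));
    printf("hardened, truncated buffer:  %lld\n",
           (long long)safe_cue_count(sample_truncated, sizeof sample_truncated, 52));
    printf("hardened, consistent buffer: %lld\n",
           (long long)safe_cue_count(sample_ok, sizeof sample_ok, 28));
    return 0;
}
```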
Affected Products
- Gstreamer Project Gstreamer
Affected Vendors
- Gstreamer Project