CVE-2024-47776

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Dec 12, 2024
Updated: Dec 18, 2024
CWE ID 125

Summary

CVE-2024-47776 is a vulnerability affecting GStreamer, a library for constructing graphs of media-handling components. An out-of-bounds (OOB) read was discovered in the function gst_wavparse_cue_chunk in gstwavparse.c. The root cause is a discrepancy between the size of the data buffer and the size value provided to the function. Because of a miscalculation when clipping the chunk size based on the upstream data size, the comparison if (size < 4 + ncues * 24) can fail in some cases. This allows an attacker to read beyond the bounds of the data buffer, potentially resulting in a crash (denial of service) or the leak of sensitive data. The issue has been addressed in GStreamer version 1.24.10.
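
The size check described above, as an added example that is not GStreamer's code and not part of the original record: a stand-alone cue chunk parser that bounds every read by the bytes actually present in the buffer, so a size value that disagrees with the buffer is rejected instead of read past. The names parse_cue_chunk, cue_point, parse_sample and the sample bytes are assumptions made for illustration; the layout (4-byte count, 24 bytes per cue point) follows the check quoted in the summary.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CUE_HEADER_LEN 4u  /* 32-bit little-endian cue point count */
#define CUE_ENTRY_LEN 24u  /* size of one cue point record */

typedef struct { uint32_t id, position; } cue_point; /* hypothetical type */

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* buf_len: bytes really present in buf. claimed: size value handed in by the
 * caller (chunk header, possibly clipped). Returns cue count, or -1. */
int parse_cue_chunk(const uint8_t *buf, size_t buf_len, uint32_t claimed,
                    cue_point *out, size_t out_cap) {
    /* Bound every read by the buffer itself, never by the claimed size alone. */
    size_t size = claimed < buf_len ? claimed : buf_len;
    if (buf == NULL || size < CUE_HEADER_LEN)
        return -1;
    uint32_t ncues = rd_le32(buf);
    /* Division form of "size < 4 + ncues * 24": cannot overflow. */
    if (ncues > (size - CUE_HEADER_LEN) / CUE_ENTRY_LEN || ncues > out_cap)
        return -1;
    for (uint32_t i = 0; i < ncues; i++) {
        const uint8_t *e = buf + CUE_HEADER_LEN + (size_t)i * CUE_ENTRY_LEN;
        out[i].id = rd_le32(e);           /* first field of the record */
        out[i].position = rd_le32(e + 4); /* second field of the record */
    }
    return (int)ncues;
}

/* Constructed sample: one cue point (id 7, position 16), 28 bytes in total. */
static const uint8_t sample_cue[28] = { 1, 0, 0, 0, 7, 0, 0, 0, 16, 0, 0, 0,
    'd', 'a', 't', 'a', 0, 0, 0, 0, 0, 0, 0, 0, 16, 0, 0, 0 };
static cue_point sample_out[4];

/* Parse the sample as if only `avail` bytes had arrived from upstream. */
int parse_sample(size_t avail, uint32_t claimed) {
    return parse_cue_chunk(sample_cue, avail, claimed, sample_out, 4);
}

int main(void) {
    printf("complete chunk: %d\n", parse_sample(28, 28));
    printf("truncated buffer, stale size: %d\n", parse_sample(16, 28));
    return 0;
}
```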


Affected Products

  • Gstreamer Project Gstreamer

Affected Vendors

  • Gstreamer Project