CVE-2024-47538

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-47538
GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This vulnerability is fixed in 1.24.10.

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8035.patch Patch
https://gstreamer.freedesktop.org/security/sa-2024-0022.html Release Notes
https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/ Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*
History

19 Dec 2024, 22:15

Type Values Removed Values Added
Summary GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This vulnerability allows to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the GstAudioInfo info structure. This vulnerability is fixed in 1.24.10. GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This vulnerability is fixed in 1.24.10.

18 Dec 2024, 21:51

Type Values Removed Values Added
CWE CWE-121 CWE-787
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
First Time Gstreamer Project gstreamer
Gstreamer Project
CPE cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*
References () https://gstreamer.freedesktop.org/security/sa-2024-0022.html - () https://gstreamer.freedesktop.org/security/sa-2024-0022.html - Release Notes
References () https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8035.patch - () https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8035.patch - Patch
References () https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/ - () https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/ - Third Party Advisory

12 Dec 2024, 02:03

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-12 02:03

Updated : 2024-12-19 22:15

NVD link : CVE-2024-47538

Mitre link : CVE-2024-47538

JSON object : View

Products Affected

gstreamer_project

  • gstreamer
CWE
CWE-787

Out-of-bounds Write