Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-47538

Опубликовано: 12 дек. 2024
Источник: nvd
CVSS3: 9.8
EPSS Низкий

Описание

GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the GstAudioInfo info structure. This vulnerability is fixed in 1.24.10.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*
Версия до 1.24.10 (исключая)

EPSS

Процентиль: 33%
0.00127
Низкий

9.8 Critical

CVSS3

Дефекты

CWE-121
CWE-787

Связанные уязвимости

ubuntu логотип

CVE-2024-47538

CVSS3: 9.8
ubuntu
6 месяцев назад

GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This vulnerability is fixed in 1.24.10.

redhat логотип

CVE-2024-47538

CVSS3: 8.8
redhat
6 месяцев назад

GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This vulnerability is fixed in 1.24.10.

debian логотип

CVE-2024-47538

CVSS3: 9.8
debian
6 месяцев назад

GStreamer is a library for constructing graphs of media-handling compo ...

fstec логотип

BDU:2025-00484

CVSS3: 9.8
fstec
9 месяцев назад

Уязвимость мультимедийного фреймворка Gstreamer, связанная с переполнением буфера на стеке, позволяющая нарушителю вызвать отказ в обслуживании

rocky логотип

RLSA-2024:11345

rocky
6 месяцев назад

Important: gstreamer1-plugins-base security update

EPSS

Процентиль: 33%
0.00127
Низкий

9.8 Critical

CVSS3

Дефекты

CWE-121
CWE-787