Описание
GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10.
A flaw was found in the GStreamer library. An integer overflow in the MP4/MOV demuxer's sample table parser can lead to out-of-bounds writes and NULL-pointer dereferences for certain input files. This vulnerability allows a malicious third party to trigger an application crash and, in the case of out-of-bounds writes, possibly allow code execution through heap manipulation.
Отчет
This vulnerability marked as important severity rather than moderate due to the potential for exploitation leading to arbitrary code execution. The integer overflow during memory allocation results in a mismatch between the allocated memory size and the expected number of elements, causing an out-of-bounds write (OOB-write). Such memory corruption can lead to application crashes, data corruption, or, more critically, allow an attacker to write controlled data outside the allocated buffer. This opens the door to heap-based buffer overflows, which are commonly exploited to overwrite control structures or function pointers, enabling attackers to execute malicious code.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | gstreamer1-plugins-good | Not affected | ||
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | gstreamer1-plugins-base | Fixed | RHSA-2024:11344 | 18.12.2024 |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | gstreamer1-plugins-good | Fixed | RHSA-2024:11344 | 18.12.2024 |
| Red Hat Enterprise Linux 8 | gstreamer1-plugins-good | Fixed | RHSA-2024:11299 | 17.12.2024 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | gstreamer1-plugins-good | Fixed | RHSA-2024:11148 | 18.12.2024 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | gstreamer1-plugins-good | Fixed | RHSA-2024:11346 | 18.12.2024 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | gstreamer1-plugins-good | Fixed | RHSA-2024:11346 | 18.12.2024 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | gstreamer1-plugins-good | Fixed | RHSA-2024:11346 | 18.12.2024 |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | gstreamer1-plugins-good | Fixed | RHSA-2024:11149 | 18.12.2024 |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | gstreamer1-plugins-good | Fixed | RHSA-2024:11149 | 18.12.2024 |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
8.4 High
CVSS3
Связанные уязвимости
GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10.
GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10.
GStreamer is a library for constructing graphs of media-handling compo ...
Уязвимость мультимедийного фреймворка Gstreamer, связанная с целочисленным переполнением, позволяющая нарушителю выполнить произвольный код
EPSS
8.4 High
CVSS3