
CVE-2024-47538

Published: 11 Dec 2024
Source: redhat
CVSS3: 8.8
EPSS: Low

Description

GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the GstAudioInfo info structure. This vulnerability is fixed in 1.24.10.

A flaw was found in the Vorbis decoder in the GStreamer library. Processing a specially crafted input file can cause a stack-based buffer overflow in the Vorbis decoder due to improper input validation, resulting in unexpected behavior or, most likely, an application crash.
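The bound described above can be enforced before the fill loop runs. The following is an added example, not GStreamer source and not the upstream patch: a simplified model that reads the 8-bit channel count from a Vorbis identification header and rejects values larger than the 64-entry array. `fill_positions_checked`, `make_id_header`, and `POSITION_NONE` (a stand-in for `GST_AUDIO_CHANNEL_POSITION_NONE`) are hypothetical names, and the sample headers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_POSITIONS     64   /* size of the stack array named in the advisory */
#define POSITION_NONE     (-1) /* hypothetical stand-in value, not GStreamer's */
#define VORBIS_ID_HDR_LEN 30   /* fixed length of the identification header */
#define CHANNELS_OFFSET   11   /* type(1) + "vorbis"(6) + version(4) */

/* Returns the channel count on success, -1 for a malformed header,
 * -2 when the channel count would overrun the position array. */
int fill_positions_checked(const uint8_t *pkt, size_t len,
                           int positions[MAX_POSITIONS])
{
    if (pkt == NULL || len < VORBIS_ID_HDR_LEN)
        return -1;
    if (pkt[0] != 0x01 || memcmp(pkt + 1, "vorbis", 6) != 0)
        return -1;

    unsigned channels = pkt[CHANNELS_OFFSET]; /* 8-bit field: 0..255 */
    if (channels == 0)
        return -1;
    if (channels > MAX_POSITIONS)
        return -2; /* reject before any write to positions[] */

    for (unsigned i = 0; i < channels; i++)
        positions[i] = POSITION_NONE;
    return (int)channels;
}

/* Builds a constructed sample header carrying the given channel count. */
size_t make_id_header(uint8_t out[VORBIS_ID_HDR_LEN], uint8_t channels)
{
    memset(out, 0, VORBIS_ID_HDR_LEN);
    out[0] = 0x01;                   /* packet type: identification */
    memcpy(out + 1, "vorbis", 6);
    out[CHANNELS_OFFSET] = channels;
    out[29] = 0x01;                  /* framing bit */
    return VORBIS_ID_HDR_LEN;
}

int main(void)
{
    uint8_t hdr[VORBIS_ID_HDR_LEN];
    int pos[MAX_POSITIONS];
    const uint8_t samples[] = { 2, 64, 65, 255 };
    for (size_t i = 0; i < sizeof samples; i++) {
        size_t n = make_id_header(hdr, samples[i]);
        printf("channels=%u -> %d\n", (unsigned)samples[i], fill_positions_checked(hdr, n, pos));
    }
    return 0;
}
```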

Statement

To exploit this flaw, an attacker needs to trick a user into opening or processing a specially crafted .ogg file. However, this issue still has an Important severity as it allows an attacker to trigger a stack-based buffer overflow and overwrite critical memory regions, including the return address of control data, potentially resulting in unexpected behavior, including arbitrary code execution.

Mitigation

Do not process untrusted files with the Vorbis decoder and monitor application crashes as this may indicate exploitation attempts.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 10 | gstreamer1-plugins-base | Not affected | | |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | gstreamer1-plugins-base | Fixed | RHSA-2024:11344 | 18.12.2024 |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | gstreamer1-plugins-good | Fixed | RHSA-2024:11344 | 18.12.2024 |
| Red Hat Enterprise Linux 8 | gstreamer1-plugins-base | Fixed | RHSA-2024:11345 | 18.12.2024 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | gstreamer1-plugins-base | Fixed | RHSA-2024:11130 | 16.12.2024 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | gstreamer1-plugins-base | Fixed | RHSA-2024:11143 | 16.12.2024 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | gstreamer1-plugins-base | Fixed | RHSA-2024:11143 | 16.12.2024 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | gstreamer1-plugins-base | Fixed | RHSA-2024:11143 | 16.12.2024 |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | gstreamer1-plugins-base | Fixed | RHSA-2024:11141 | 16.12.2024 |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | gstreamer1-plugins-base | Fixed | RHSA-2024:11141 | 16.12.2024 |


Additional information

Status: Important
Defect: CWE-121
https://bugzilla.redhat.com/show_bug.cgi?id=2331727
gstreamer1-plugins-base: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet

EPSS

Percentile: 33%
0.00127
Low

8.8 High

CVSS3

Related vulnerabilities

CVSS3: 9.8
ubuntu
6 months ago

GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This vulnerability is fixed in 1.24.10.

CVSS3: 9.8
nvd
6 months ago

GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This vulnerability is fixed in 1.24.10.

CVSS3: 9.8
debian
6 months ago

GStreamer is a library for constructing graphs of media-handling compo ...

CVSS3: 9.8
fstec
9 months ago

Vulnerability in the GStreamer multimedia framework associated with a stack buffer overflow, allowing an attacker to cause a denial of service

rocky
6 months ago

Important: gstreamer1-plugins-base security update
