Описание
GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 < ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop's expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10.
A flaw was found in the GStreamer library. An out-of-bounds write in the MP4/MOV demuxer when handling CEA608 Closed Caption tracks can lead to crashes for certain input files. This vulnerability allows a malicious third party to trigger a crash of the application and perform code execution through heap manipulation.
Отчет
This vulnerability classified as important severity rather than moderate due to its potential for out-of-bounds memory writes, which are highly exploitable in many scenarios. The discrepancy between the memory allocation and loop bounds allows overwriting up to 3 bytes beyond the intended storage array, which could corrupt adjacent memory. Depending on the execution context, this could lead to critical security consequences, such as the alteration of control structures, heap corruption, or stack manipulation, opening paths for arbitrary code execution or escalation of privileges.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | gstreamer1-plugins-good | Not affected | ||
| Red Hat Enterprise Linux 7 | gstreamer1-plugins-good | Not affected | ||
| Red Hat Enterprise Linux 8 | gstreamer1-plugins-good | Fixed | RHSA-2024:11299 | 17.12.2024 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | gstreamer1-plugins-good | Fixed | RHSA-2024:11148 | 18.12.2024 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | gstreamer1-plugins-good | Fixed | RHSA-2024:11346 | 18.12.2024 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | gstreamer1-plugins-good | Fixed | RHSA-2024:11346 | 18.12.2024 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | gstreamer1-plugins-good | Fixed | RHSA-2024:11346 | 18.12.2024 |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | gstreamer1-plugins-good | Fixed | RHSA-2024:11149 | 18.12.2024 |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | gstreamer1-plugins-good | Fixed | RHSA-2024:11149 | 18.12.2024 |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | gstreamer1-plugins-good | Fixed | RHSA-2024:11149 | 18.12.2024 |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 < ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop's expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10.
GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 < ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop's expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10.
GStreamer is a library for constructing graphs of media-handling compo ...
Уязвимость функции convert_to_s334_1a мультимедийного фреймворка Gstreamer, позволяющая нарушителю выполнить произвольный код
EPSS
9.8 Critical
CVSS3