Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-47545

Опубликовано: 11 дек. 2024
Источник: redhat
CVSS3: 6.2
EPSS Низкий

Описание

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happens, the subsequent call to gst_buffer_fill will invoke memcpy with a large tocopy size, resulting in an OOB-read. This vulnerability is fixed in 1.24.10.

A flaw was found in the GStreamer library. An integer overflow in the MP4/MOV demuxer can lead to out-of-bounds reads that may cause crashes for certain input files, potentially allowing a malicious actor to trigger an application crash.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10gstreamer1-plugins-goodNot affected
Red Hat Enterprise Linux 7gstreamer1-plugins-goodOut of support scope
Red Hat Enterprise Linux 8gstreamer1-plugins-goodOut of support scope
Red Hat Enterprise Linux 9gstreamer1-plugins-goodFixedRHSA-2025:724213.05.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-191
https://bugzilla.redhat.com/show_bug.cgi?id=2331763gstreamer1-plugins-good: integer underflow in FOURCC_strf parsing leading to OOB-read

EPSS

Процентиль: 35%
0.0014
Низкий

6.2 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-47545

CVSS3: 7.5
ubuntu
6 месяцев назад

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happens, the subsequent call to gst_buffer_fill will invoke memcpy with a large tocopy size, resulting in an OOB-read. This vulnerability is fixed in 1.24.10.

nvd логотип

CVE-2024-47545

CVSS3: 7.5
nvd
6 месяцев назад

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happens, the subsequent call to gst_buffer_fill will invoke memcpy with a large tocopy size, resulting in an OOB-read. This vulnerability is fixed in 1.24.10.

debian логотип

CVE-2024-47545

CVSS3: 7.5
debian
6 месяцев назад

GStreamer is a library for constructing graphs of media-handling compo ...

fstec логотип

BDU:2025-00875

CVSS3: 7.5
fstec
6 месяцев назад

Уязвимость функции qtdemux_parse_trak мультимедийного фреймворка Gstreamer, позволяющая нарушителю выполнить произвольный код

oracle-oval логотип

ELSA-2025-7242

oracle-oval
около 1 месяца назад

ELSA-2025-7242: gstreamer1-plugins-good security update (MODERATE)

EPSS

Процентиль: 35%
0.0014
Низкий

6.2 Medium

CVSS3