Описание
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10.
A flaw was found in the GStreamer library. An out-of-bounds read in the gst-discoverer-1.0 command line tool can cause crashes for certain input files, potentially allowing a malicious third party to trigger an application crash. This issue only affects the gst-discoverer-1.0 command line tool and not any other applications using GStreamer.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | gstreamer1-plugins-base | Not affected | ||
| Red Hat Enterprise Linux 7 | gstreamer1-plugins-base | Out of support scope | ||
| Red Hat Enterprise Linux 8 | gstreamer1-plugins-base | Out of support scope | ||
| Red Hat Enterprise Linux 9 | gstreamer1-plugins-base | Fixed | RHSA-2025:7243 | 13.05.2025 |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
5.1 Medium
CVSS3
Связанные уязвимости
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10.
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10.
GStreamer is a library for constructing graphs of media-handling compo ...
Уязвимость функции format_channel_mask мультимедийного фреймворка Gstreamer, позволяющая нарушителю вызвать отказ в обслуживании
ELSA-2025-7243: gstreamer1-plugins-base security update (MODERATE)
EPSS
5.1 Medium
CVSS3