CVE-2024-47607

Published: Dec 11, 2024
Source: redhat
CVSS3: 9.8
EPSS: Low

Description

GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c`. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows overwriting the EIP address stored on the stack. This vulnerability is fixed in 1.24.10.

A flaw was found in the GStreamer library. A stack buffer overflow in the Opus decoder can cause crashes for certain input files, potentially allowing a malicious third party to trigger an application crash.

Report

This vulnerability in gst_opus_dec_parse_header is of important severity because it allows an attacker to trigger a stack-based buffer overflow by exceeding the pos array's bounds with unvalidated n_channels input. Since the pos array is stack-allocated, writing beyond its boundaries can overwrite critical memory regions, including the return address or control data, potentially leading to arbitrary code execution or complete compromise of the affected system. Moreover, the written value, GST_AUDIO_CHANNEL_POSITION_NONE, being predictable, may aid attackers in crafting reliable exploits.
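
As an added illustration (not GStreamer's code and not the upstream patch), the simplified OpusHead parser below shows the bound check whose absence the description above names, applied before the fill loop runs. The function and type names are hypothetical, the header layout follows RFC 7845, and POSITION_NONE stands in for GST_AUDIO_CHANNEL_POSITION_NONE.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_CHANNELS 64      /* size of the pos array named in the advisory */
#define POSITION_NONE (-1)   /* stand-in for GST_AUDIO_CHANNEL_POSITION_NONE */

typedef struct { unsigned n_channels; int pos[MAX_CHANNELS]; } opus_layout;

/* Parse an RFC 7845 "OpusHead" packet. Returns 0 on success, -1 if rejected. */
int parse_opus_head(const uint8_t *buf, size_t len, opus_layout *out)
{
    if (len < 19 || memcmp(buf, "OpusHead", 8) != 0)
        return -1;
    unsigned n_channels = buf[9];   /* one byte on the wire: 0..255 */
    unsigned family = buf[18];      /* channel mapping family */

    /* Bound the count against the array size before any write happens. */
    if (n_channels == 0 || n_channels > MAX_CHANNELS)
        return -1;
    if (family == 0 && n_channels > 2)          /* family 0 is mono/stereo only */
        return -1;
    if (family != 0 && len < 21u + n_channels)  /* mapping table must be present */
        return -1;

    out->n_channels = n_channels;
    for (unsigned i = 0; i < n_channels; i++)   /* cannot leave pos[] */
        out->pos[i] = POSITION_NONE;
    return 0;
}

/* Build a constructed test header; buf must hold at least 276 bytes. */
size_t make_head(uint8_t *buf, uint8_t channels, uint8_t family)
{
    size_t len = family ? 21u + channels : 19u;
    memset(buf, 0, len);
    memcpy(buf, "OpusHead", 8);
    buf[8] = 1; buf[9] = channels; buf[18] = family;
    if (family) buf[19] = channels;   /* stream count; mapping bytes left as 0 */
    return len;
}

int main(void)
{
    uint8_t b[276]; opus_layout l;
    unsigned counts[] = {2, 64, 65, 255};   /* constructed channel counts */
    for (int i = 0; i < 4; i++) {
        size_t n = make_head(b, (uint8_t)counts[i], 255);
        printf("channels=%u -> %d\n", counts[i], parse_opus_head(b, n, &l));
    }
    return 0;
}
```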

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 10 | gstreamer1-plugins-base | Affected | | |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | gstreamer1-plugins-base | Fixed | RHSA-2024:11344 | 18.12.2024 |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | gstreamer1-plugins-good | Fixed | RHSA-2024:11344 | 18.12.2024 |
| Red Hat Enterprise Linux 8 | gstreamer1-plugins-base | Fixed | RHSA-2024:11345 | 18.12.2024 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | gstreamer1-plugins-base | Fixed | RHSA-2024:11130 | 16.12.2024 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | gstreamer1-plugins-base | Fixed | RHSA-2024:11143 | 16.12.2024 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | gstreamer1-plugins-base | Fixed | RHSA-2024:11143 | 16.12.2024 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | gstreamer1-plugins-base | Fixed | RHSA-2024:11143 | 16.12.2024 |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | gstreamer1-plugins-base | Fixed | RHSA-2024:11141 | 16.12.2024 |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | gstreamer1-plugins-base | Fixed | RHSA-2024:11141 | 16.12.2024 |

Additional information

Status: Important
Defect: CWE-121
https://bugzilla.redhat.com/show_bug.cgi?id=2331754 gstreamer1-plugins-base: stack-buffer overflow in gst_opus_dec_parse_header

EPSS

Percentile: 33%
0.00127
Low

CVSS3

9.8 Critical

Related vulnerabilities

CVSS3: 9.8
ubuntu
6 months ago

GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c`. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows overwriting the EIP address stored on the stack. This vulnerability is fixed in 1.24.10.

CVSS3: 9.8
nvd
6 months ago

GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c`. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows overwriting the EIP address stored on the stack. This vulnerability is fixed in 1.24.10.

CVSS3: 9.8
debian
6 months ago

GStreamer is a library for constructing graphs of media-handling compo ...

CVSS3: 9.8
fstec
9 months ago

A vulnerability in the gst_opus_dec_parse_header function of the GStreamer multimedia framework that allows an attacker to cause a denial of service

rocky
6 months ago

Important: gstreamer1-plugins-base security update