Описание
GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10.
A flaw was found in the GStreamer library. An out-of-bounds write in the Ogg demuxer can cause crashes for certain input files. This vulnerability allows a malicious third party to trigger out-of-bounds writes that can result in the application's crash or possibly allow code execution through heap manipulation.
Отчет
This vulnerability should be classified as important severity rather than moderate due to its potential impact on memory integrity and application stability. The out-of-bounds write (OOB-Write) in the gst_parse_vorbis_setup_packet function overwrites up to 380 bytes of memory beyond the boundaries of the vorbis_mode_sizes array, directly corrupting adjacent memory structures. Such corruption could lead to uncontrolled behavior, including crashes, denial of service, or even arbitrary code execution if an attacker crafts malicious input to exploit the overwritten memory. The absence of proper bounds validation makes the vulnerability exploitable with untrusted input, elevating the risk in scenarios where GStreamer is used to process external or user-supplied media files.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | gstreamer1-plugins-base | Affected | ||
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | gstreamer1-plugins-base | Fixed | RHSA-2024:11344 | 18.12.2024 |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | gstreamer1-plugins-good | Fixed | RHSA-2024:11344 | 18.12.2024 |
| Red Hat Enterprise Linux 8 | gstreamer1-plugins-base | Fixed | RHSA-2024:11345 | 18.12.2024 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | gstreamer1-plugins-base | Fixed | RHSA-2024:11130 | 16.12.2024 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | gstreamer1-plugins-base | Fixed | RHSA-2024:11143 | 16.12.2024 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | gstreamer1-plugins-base | Fixed | RHSA-2024:11143 | 16.12.2024 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | gstreamer1-plugins-base | Fixed | RHSA-2024:11143 | 16.12.2024 |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | gstreamer1-plugins-base | Fixed | RHSA-2024:11141 | 16.12.2024 |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | gstreamer1-plugins-base | Fixed | RHSA-2024:11141 | 16.12.2024 |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
9.8 Critical
CVSS3
Связанные уязвимости
GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10.
GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10.
GStreamer is a library for constructing graphs of media-handling compo ...
Уязвимость функции gst_parse_vorbis_setup_packet мультимедийного фреймворка Gstreamer, позволяющая нарушителю вызвать отказ в обслуживании
9.8 Critical
CVSS3