Описание
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/xenial | needs-triage | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.24.10-1 |
| esm-infra/bionic | needs-triage | |
| esm-infra/focal | not-affected | 1.16.3-0ubuntu1.4 |
| esm-infra/xenial | needs-triage | |
| focal | released | 1.16.3-0ubuntu1.4 |
| jammy | released | 1.20.1-1ubuntu0.4 |
| noble | released | 1.24.2-1ubuntu0.2 |
| oracular | released | 1.24.8-1ubuntu0.1 |
| plucky | not-affected | 1.24.10-1 |
| upstream | released | 1.24.10-1 |
Показывать по
EPSS
9.1 Critical
CVSS3
Связанные уязвимости
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10.
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10.
GStreamer is a library for constructing graphs of media-handling compo ...
Уязвимость функции format_channel_mask мультимедийного фреймворка Gstreamer, позволяющая нарушителю вызвать отказ в обслуживании
ELSA-2025-7243: gstreamer1-plugins-base security update (MODERATE)
EPSS
9.1 Critical
CVSS3