Логотип exploitDog
bind:CVE-2024-47596
Консоль
Логотип exploitDog

exploitDog

bind:CVE-2024-47596

Количество 13

Количество 13

ubuntu логотип

CVE-2024-47596

8 месяцев назад

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining size of the data buffer, it can lead to an OOB-read in the following call to gst_buffer_fill, which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.

CVSS3: 7.5
EPSS: Низкий
redhat логотип

CVE-2024-47596

8 месяцев назад

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining size of the data buffer, it can lead to an OOB-read in the following call to gst_buffer_fill, which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.

CVSS3: 5.1
EPSS: Низкий
nvd логотип

CVE-2024-47596

8 месяцев назад

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining size of the data buffer, it can lead to an OOB-read in the following call to gst_buffer_fill, which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.

CVSS3: 7.5
EPSS: Низкий
debian логотип

CVE-2024-47596

8 месяцев назад

GStreamer is a library for constructing graphs of media-handling compo ...

CVSS3: 7.5
EPSS: Низкий
fstec логотип

BDU:2025-00877

8 месяцев назад

Уязвимость функции qtdemux_parse_svq3_stsd_data мультимедийного фреймворка Gstreamer, позволяющая нарушителю выполнить произвольный код

CVSS3: 7.5
EPSS: Низкий
oracle-oval логотип

ELSA-2025-7242

3 месяца назад

ELSA-2025-7242: gstreamer1-plugins-good security update (MODERATE)

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:0063-1

7 месяцев назад

Security update for gstreamer-plugins-good

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:00063-1

около 2 месяцев назад

Security update for gstreamer-plugins-good

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:02055-1

около 2 месяцев назад

Security update for gstreamer-plugins-good

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:0067-1

7 месяцев назад

Security update for gstreamer-plugins-good

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:0064-1

7 месяцев назад

Security update for gstreamer-plugins-good

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:0055-1

7 месяцев назад

Security update for gstreamer-plugins-good

EPSS: Низкий
redos логотип

ROS-20250121-12

7 месяцев назад

Множественные уязвимости gstreamer1-plugins-good

CVSS3: 9.8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
ubuntu логотип
CVE-2024-47596

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining size of the data buffer, it can lead to an OOB-read in the following call to gst_buffer_fill, which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.

CVSS3: 7.5
0%
Низкий
8 месяцев назад
redhat логотип
CVE-2024-47596

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining size of the data buffer, it can lead to an OOB-read in the following call to gst_buffer_fill, which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.

CVSS3: 5.1
0%
Низкий
8 месяцев назад
nvd логотип
CVE-2024-47596

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining size of the data buffer, it can lead to an OOB-read in the following call to gst_buffer_fill, which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.

CVSS3: 7.5
0%
Низкий
8 месяцев назад
debian логотип
CVE-2024-47596

GStreamer is a library for constructing graphs of media-handling compo ...

CVSS3: 7.5
0%
Низкий
8 месяцев назад
fstec логотип
BDU:2025-00877

Уязвимость функции qtdemux_parse_svq3_stsd_data мультимедийного фреймворка Gstreamer, позволяющая нарушителю выполнить произвольный код

CVSS3: 7.5
0%
Низкий
8 месяцев назад
oracle-oval логотип
ELSA-2025-7242

ELSA-2025-7242: gstreamer1-plugins-good security update (MODERATE)

3 месяца назад
suse-cvrf логотип
SUSE-SU-2025:0063-1

Security update for gstreamer-plugins-good

7 месяцев назад
suse-cvrf логотип
SUSE-SU-2025:00063-1

Security update for gstreamer-plugins-good

около 2 месяцев назад
suse-cvrf логотип
SUSE-SU-2025:02055-1

Security update for gstreamer-plugins-good

около 2 месяцев назад
suse-cvrf логотип
SUSE-SU-2025:0067-1

Security update for gstreamer-plugins-good

7 месяцев назад
suse-cvrf логотип
SUSE-SU-2025:0064-1

Security update for gstreamer-plugins-good

7 месяцев назад
suse-cvrf логотип
SUSE-SU-2025:0055-1

Security update for gstreamer-plugins-good

7 месяцев назад
redos логотип
ROS-20250121-12

Множественные уязвимости gstreamer1-plugins-good

CVSS3: 9.8
7 месяцев назад

Уязвимостей на страницу