PT-2024-10158 · Gstreamer+10 · Gstreamer+10
Antonio Morales
+1
·
Published
2024-09-25
·
Updated
2025-10-07
·
CVE-2024-47538
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
GStreamer versions prior to 1.24.10
Description
A stack-buffer overflow has been detected in the
vorbis handle identification packet function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be GST AUDIO CHANNEL POSITION NONE. This issue allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the GstAudioInfo info structure.Recommendations
For versions prior to 1.24.10, update to version 1.24.10 to resolve the issue. As a temporary workaround, consider restricting the number of channels to 64 or less to minimize the risk of exploitation.
Exploit
Fix
Memory Corruption
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Gstreamer
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu