PT-2024-10366 · Gstreamer+12
Antonio Morales +1 · Published 2024-12-11 · Updated 2026-05-08 · CVE-2024-47606
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
GStreamer versions prior to 1.24.10
Description
The issue is related to an integer underflow in the qtdemux_parse_theora_extension function within qtdemux.c. This underflow causes the size variable to hold a large unintended value when cast to an unsigned integer. The vulnerability leads to a situation where only 0x89 bytes are allocated, despite the large input size, resulting in the data from the input file overwriting the content of the GstMapInfo info structure. This can cause a function pointer hijack, allowing an attacker to alter the execution flow of the program and potentially leading to arbitrary code execution.
Recommendations
For versions prior to 1.24.10, update to version 1.24.10 to resolve the issue. As a temporary workaround, consider restricting the use of the qtdemux_parse_theora_extension function until a patch is available. Avoid using the gst_buffer_new_and_alloc function with large input sizes until the issue is resolved. Restrict access to the gst_memory_unmap function to minimize the risk of exploitation.
Exploit
Fix
DoS
Integer Underflow
Integer Overflow
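The size arithmetic from the Description, as an added example that is not GStreamer code: a signed length goes negative, is widened to an unsigned request, and the allocator's own additions wrap to a tiny block, shown beside a parser-side and an allocator-side check. The function names, the -6 length, the 0x88-byte header and the alignment mask of 7 are assumptions chosen so the result matches the 0x89 figure above.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed constants, chosen so the arithmetic reproduces the 0x89 figure. */
#define HDR_SIZE   UINT64_C(0x88)  /* allocator bookkeeping header (assumed) */
#define ALIGN_MASK UINT64_C(7)     /* alignment slack added per block (assumed) */

/* Unchecked pattern: a signed remaining-length goes negative, is widened to
 * an unsigned 64-bit request, and the allocator's additions wrap around. */
uint64_t unchecked_block_size(int32_t box_len, int32_t consumed)
{
    int32_t size = box_len - consumed;       /* negative when consumed > box_len */
    uint64_t request = (uint64_t)size;       /* e.g. -6 -> 0xfffffffffffffffa */
    return request + ALIGN_MASK + HDR_SIZE;  /* wraps modulo 2^64 */
}

/* Parser-side check: returns remaining bytes, or -1 for a malformed length. */
int64_t remaining_len(int32_t box_len, int32_t consumed)
{
    if (box_len < 0 || consumed < 0 || consumed > box_len)
        return -1;
    return (int64_t)box_len - consumed;
}

/* Allocator-side check: returns the real block size, or 0 if it would wrap. */
uint64_t checked_block_size(uint64_t request)
{
    if (request > UINT64_MAX - ALIGN_MASK - HDR_SIZE)
        return 0;
    return request + ALIGN_MASK + HDR_SIZE;
}

int main(void)
{
    /* Constructed input: a 10-byte box from which 16 bytes were "consumed". */
    int32_t box_len = 10, consumed = 16;
    uint64_t request = (uint64_t)(int32_t)(box_len - consumed);

    printf("request      = 0x%llx\n", (unsigned long long)request);
    printf("unchecked    = 0x%llx bytes allocated\n",
           (unsigned long long)unchecked_block_size(box_len, consumed));
    printf("parser check = %lld\n", (long long)remaining_len(box_len, consumed));
    printf("alloc check  = %llu (0 means rejected)\n",
           (unsigned long long)checked_block_size(request));
    return 0;
}
```

Either check alone stops the undersized allocation; rejecting the length in the parser also keeps the bogus size away from any later copy.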
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Debian
Gstreamer
Java Platform
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu