PT-2024-10371 · Gstreamer+10 · Gstreamer+10

Antonio Morales

+1

·

Published

2024-12-11

·

Updated

2026-05-08

·

CVE-2024-47546

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions GStreamer versions prior to 1.24.10
Description GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the extract cc from data function within qtdemux.c. In the FOURCC c708 case, the subtraction atom length - 8 may result in an underflow if atom length is less than 8. When that subtraction underflows, *cclen ends up being a large number, and then cclen is passed to g memdup2, leading to an out-of-bounds (OOB) read. This issue may allow a remote attacker to access confidential information.
Recommendations For versions prior to 1.24.10, update to version 1.24.10 to resolve the issue. As a temporary workaround, consider restricting access to the qtdemux.c component until a patch is available. Avoid using the extract cc from data function in sensitive operations until the issue is resolved.

Exploit

Fix

DoS

Out of bounds Read

Integer Underflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-191

Related Identifiers

ALSA-2025:7242
ALSA-2025_7242
ALT-PU-2025-2299
AZL-62408
BDU:2025-00876
BIT-JAVA-2024-47546
BIT-JAVA-MIN-2024-47546
BIT-JRE-2024-47546
CVE-2024-47546
DLA-4071-1
DSA-5838-1
INFSA-2025_7242
MGASA-2025-0040
OESA-2024-2592
OESA-2024-2593
OESA-2024-2594
OESA-2024-2595
OESA-2024-2596
OPENSUSE-SU-2025_0055-1
OPENSUSE-SU-2025_0064-1
OPENSUSE-SU-2025_0067-1
RHSA-2025:7242
RHSA-2025_7242
SUSE-SU-2025:0055-1
SUSE-SU-2025:0064-1
SUSE-SU-2025:0067-1
SUSE-SU-2025:02055-1
SUSE-SU-2025_02055-1
USN-7176-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Debian
Gstreamer
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu