PT-2024-10475 · Gstreamer+11 · Gstreamer+11
Antonio Morales
+1
·
Published
2024-12-11
·
Updated
2025-06-30
·
CVE-2024-47537
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
GStreamer versions prior to 1.24.10
Description
The issue is related to an integer overflow in the memory reallocation process. The program attempts to reallocate memory to accommodate a certain number of elements, but if the value read from the input file is large enough, it can lead to an integer overflow during the addition. As a consequence, the memory allocation might be significantly smaller than intended, potentially causing an out-of-bounds write when the program iterates through the elements and attempts to write to the allocated memory.
Recommendations
For versions prior to 1.24.10, update to version 1.24.10 to resolve the issue. As a temporary workaround, consider restricting the input file size to prevent large values from being read and causing the integer overflow. Additionally, restrict access to the
stream->samples memory area to minimize the risk of exploitation until the update is applied.Exploit
Fix
Memory Corruption
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Debian
Gstreamer
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu