PT-2024-9586 · Gstreamer+9

Antonio Morales +1 · Published 2024-09-30 · Updated 2025-10-07 · CVE-2024-47600

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

GStreamer versions prior to 1.24.10

Description

A vulnerability has been detected in the format_channel_mask function in gst-discoverer.c, which can cause an out-of-bounds (OOB) read. This occurs when the gst_discoverer_audio_info_get_channels function returns a value greater than 64, leading to access beyond the bounds of the local position array. As a result, unintended bytes from the stack can be read, potentially causing further memory corruption or undefined behavior due to the dereference of value->value_nick after the OOB read.

Recommendations

For versions prior to 1.24.10, update to version 1.24.10 to resolve the issue. As a temporary workaround, consider restricting access to the format_channel_mask function in gst-discoverer.c until a patch is available. Avoid using the gst_discoverer_audio_info_get_channels function with values greater than 64 until the issue is resolved.
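
The class of bug described above, shown as an added example that is not GStreamer code and not the upstream fix: a formatter that fills a 64-entry position array from a channel mask and rejects any channel count above 64 before indexing. The function name, the nick table and the return codes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_POSITIONS 64   /* 64 is the limit the advisory names for the position array */

/* Hypothetical nick table standing in for the channel-position enum lookup. */
static const char *const NICKS[] = { "front-left", "front-right", "front-center", "lfe" };
#define N_NICKS (sizeof NICKS / sizeof NICKS[0])

/* Returns the nick for a position, or NULL when the value is not in the table. */
static const char *nick_for(int pos) {
    return (pos >= 0 && (size_t)pos < N_NICKS) ? NICKS[pos] : NULL;
}

/* Formats the channel layout into out. Returns 0 on success, -1 when the
 * channel count is unusable, -2 when out is too small. */
int format_channel_mask_checked(unsigned channels, uint64_t mask, char *out, size_t outlen) {
    int position[MAX_POSITIONS];
    unsigned n = 0;
    size_t used = 0;

    if (outlen == 0) return -2;
    out[0] = '\0';
    if (channels == 0) return 0;
    if (channels > MAX_POSITIONS) return -1;   /* the bounds check: never index past position[63] */

    /* One position per set mask bit, lowest bit first. */
    for (int bit = 0; bit < 64 && n < channels; bit++)
        if (mask & (UINT64_C(1) << bit)) position[n++] = bit;
    if (n != channels) return -1;              /* mask and channel count disagree */

    for (unsigned i = 0; i < channels; i++) {
        const char *nick = nick_for(position[i]);
        if (nick == NULL) nick = "unknown";    /* do not dereference a failed lookup */
        int w = snprintf(out + used, outlen - used, "%s%s", i ? ", " : "", nick);
        if (w < 0 || (size_t)w >= outlen - used) return -2;
        used += (size_t)w;
    }
    return 0;
}

int main(void) {
    char buf[128];   /* constructed sample inputs */
    printf("%d %s\n", format_channel_mask_checked(2, 0x3, buf, sizeof buf), buf);
    printf("%d\n", format_channel_mask_checked(65, UINT64_MAX, buf, sizeof buf));
    return 0;
}
```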

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2025:7243
ALSA-2025_7243
ALT-PU-2025-2299
AZL-54294
AZL-54359
AZL-62396
BDU:2024-11293
CVE-2024-47600
DLA-3999-1
DSA-5831-1
INFSA-2025_7243
MGASA-2025-0040
OESA-2024-2563
OPENSUSE-SU-2024:14577-1
OPENSUSE-SU-2025_0054-1
OPENSUSE-SU-2025_0065-1
OPENSUSE-SU-2025_0069-1
RHSA-2025:7243
RHSA-2025_7243
SUSE-SU-2025:0054-1
SUSE-SU-2025:0065-1
SUSE-SU-2025:0069-1
SUSE-SU-2025:02020-1
SUSE-SU-2025:20134-1
SUSE-SU-2025:20241-1
SUSE-SU-2025_02020-1
USN-7175-1
USN-7807-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Gstreamer
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu