PT-2024-9616 · Gstreamer+10

Antonio Morales +1 · Published 2024-10-03 · Updated 2026-05-08 · CVE-2024-47778

CVSS v4.0: 8.7 High

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

GStreamer versions prior to 1.24.10

Description

The issue is an out-of-bounds memory read in the function gst_wavparse_adtl_chunk in the GStreamer multimedia framework. A remote attacker can exploit it to cause a denial of service. The vulnerability arises from insufficient validation of the size parameter, which can lead to reading up to 4 GB of process memory or to a segmentation fault when invalid memory is accessed.

Recommendations

For versions prior to 1.24.10, update to version 1.24.10 to resolve the issue. As a temporary workaround, consider restricting access to the gst_wavparse_adtl_chunk function within gstwavparse.c to minimize the risk of exploitation.

Exploit · Fix · DoS · Out of bounds Read


Weakness Enumeration

Related Identifiers

ALSA-2025:7242
ALSA-2025_7242
ALT-PU-2025-2299
AZL-62351
BDU:2024-11328
BIT-JAVA-2024-47778
BIT-JAVA-MIN-2024-47778
BIT-JRE-2024-47778
CVE-2024-47778
DLA-4071-1
DSA-5838-1
INFSA-2025_7242
OESA-2024-2592
OESA-2024-2593
OESA-2024-2594
OESA-2024-2595
OESA-2024-2596
OPENSUSE-SU-2025_0055-1
OPENSUSE-SU-2025_0064-1
OPENSUSE-SU-2025_0067-1
RHSA-2025:7242
RHSA-2025_7242
SUSE-SU-2025:00063-1
SUSE-SU-2025:0055-1
SUSE-SU-2025:0063-1
SUSE-SU-2025:0064-1
SUSE-SU-2025:0067-1
SUSE-SU-2025:02055-1
SUSE-SU-2025_02055-1
USN-7176-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Debian
Gstreamer
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu