PT-2024-9617 · Gstreamer+10 · Gstreamer+10

Antonio Morales

+1

·

Published

2024-10-03

·

Updated

2026-05-08

·

CVE-2024-47775

CVSS v3.1

9.1

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions GStreamer versions prior to 1.24.10
Description The issue is related to an out-of-bounds read vulnerability in the parse ds64 function within gstwavparse.c. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. The parse ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multiple GST READ UINT32 LE operations without performing boundary checks.
Recommendations For versions prior to 1.24.10, update to version 1.24.10 to resolve the issue. As a temporary workaround, consider restricting access to the parse ds64 function within gstwavparse.c to minimize the risk of exploitation.

Exploit

Fix

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2025:7242
ALSA-2025_7242
ALT-PU-2025-2299
AZL-62342
BDU:2024-11329
BIT-JAVA-2024-47775
BIT-JAVA-MIN-2024-47775
BIT-JRE-2024-47775
CVE-2024-47775
DLA-4071-1
DSA-5838-1
INFSA-2025_7242
OESA-2024-2592
OESA-2024-2593
OESA-2024-2594
OESA-2024-2595
OESA-2024-2596
OPENSUSE-SU-2024:14578-1
OPENSUSE-SU-2025_0055-1
OPENSUSE-SU-2025_0064-1
OPENSUSE-SU-2025_0067-1
RHSA-2025:7242
RHSA-2025_7242
SUSE-SU-2025:00063-1
SUSE-SU-2025:0055-1
SUSE-SU-2025:0063-1
SUSE-SU-2025:0064-1
SUSE-SU-2025:0067-1
SUSE-SU-2025:02055-1
SUSE-SU-2025_02055-1
USN-7176-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Debian
Gstreamer
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu