PT-2024-9625 · Gstreamer+10
Antonio Morales +1 · Published 2024-10-02 · Updated 2025-10-07 · CVE-2024-47615
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
GStreamer versions prior to 1.24.10
Description
The issue is a memory buffer overflow in the gst_parse_vorbis_setup_packet function of the GStreamer multimedia framework. A remote attacker can exploit it to cause a denial of service. The vulnerability is an out-of-bounds write in gst_parse_vorbis_setup_packet within vorbis_parse.c: an integer size is read from the input file without proper validation and can exceed the fixed size of the pad->vorbis_mode_sizes array. This can overwrite up to 380 bytes of memory beyond the boundaries of the array, affecting adjacent memory.
Recommendations
For versions prior to 1.24.10, update to version 1.24.10 to patch this issue and secure your system. As a temporary workaround, consider restricting the use of the gst_parse_vorbis_setup_packet function until a patch is available.
Exploit
Fix
Memory Corruption
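The missing check named in the Description, as an added example (not GStreamer's code and not the upstream fix): a size field read from input is validated against both the destination array and the remaining input before the write loop runs. The struct, the function name, the input layout and the capacity of 64 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative capacity: the advisory only says the array has a fixed size. */
#define MODE_SIZES_LEN 64

/* Hypothetical stand-in for the per-pad parser state, not GStreamer's struct. */
struct pad_state {
    uint8_t  mode_sizes[MODE_SIZES_LEN];
    size_t   mode_count;
    uint32_t neighbour;   /* adjacent field an unchecked write would clobber */
};

/* Constructed input layout: data[0] = entry count, then one byte per entry.
 * Returns 0 on success, -1 on malformed input; pad is untouched on failure. */
int parse_mode_sizes(struct pad_state *pad, const uint8_t *data, size_t len)
{
    if (pad == NULL || data == NULL || len < 1)
        return -1;

    size_t count = data[0];          /* size field taken from the input */

    if (count > MODE_SIZES_LEN)      /* must fit the destination array */
        return -1;
    if (len - 1 < count)             /* must fit the bytes actually supplied */
        return -1;

    for (size_t i = 0; i < count; i++)
        pad->mode_sizes[i] = data[1 + i] & 1;
    pad->mode_count = count;
    return 0;
}

int main(void)
{
    struct pad_state pad = { .neighbour = 0xC0FFEEu };
    const uint8_t good[] = { 3, 1, 0, 1 };   /* constructed: 3 entries */
    const uint8_t bad[]  = { 200, 1, 1 };    /* constructed: count > capacity */

    printf("good: %d\n", parse_mode_sizes(&pad, good, sizeof good));
    printf("bad:  %d\n", parse_mode_sizes(&pad, bad, sizeof bad));
    printf("neighbour intact: %s\n", pad.neighbour == 0xC0FFEEu ? "yes" : "no");
    return 0;
}
```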
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Gstreamer
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu