GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract cc from data function within qtdemux.c. In the FOURCC c708 case, the subtraction atom length - 8 may result in an underflow if atom length is less than 8. When that subtraction underflows, *cclen ends up being a large number, and then cclen is passed to g memdup2 leading to an out-of-bounds (OOB) read. This vulnerability is fixed in 1.24.10.