CVE-2024-47543

CVSS V2 None CVSS V3 None
Description
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemux_parse_container function within qtdemux.c. In the parent function qtdemux_parse_node, the value of length is not well checked. So, if length is big enough, it causes the pointer end to point beyond the boundaries of buffer. Subsequently, in the qtdemux_parse_container function, the while loop can trigger an OOB-read, accessing memory beyond the bounds of buf. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.
Overview
  • CVE ID
  • CVE-2024-47543
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-12-11T18:55:50.210Z
  • Last Modified Date
  • 2024-12-11T18:55:50.210Z
History
Created Old Value New Value Data Type Notes
2024-12-12 13:22:43 Added to TrackCVE