CVE-2024-47615

CVSS V2 None CVSS V3 None
Description
GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10.
Overview
  • CVE ID
  • CVE-2024-47615
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-12-11T19:13:47.894Z
  • Last Modified Date
  • 2024-12-11T19:13:47.894Z
History
Created Old Value New Value Data Type Notes
2024-12-12 13:23:55 Added to TrackCVE