CVE-2024-47539

CRITICAL
2024-12-12 [email protected]
9.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 17, 2026 - 20:45 vuln.today
Patch Released
Mar 17, 2026 - 20:45 nvd
Patch available
CVE Published
Dec 12, 2024 - 02:03 nvd
CRITICAL 9.8

Tags

Buffer Overflow Gstreamer

Description

GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 < ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop's expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10.

Analysis

An out-of-bounds write vulnerability in GStreamer's isomp4/qtdemux.c allows remote attackers to overwrite up to 3 bytes beyond allocated memory boundaries when processing media files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be exploited without authentication over the network, potentially leading to remote code execution. While no active exploitation has been reported (not in KEV), the vulnerability has a critical CVSS score of 9.8 and patches are available.

Technical Context

GStreamer is a widely-used open-source multimedia framework for constructing media-handling pipelines, commonly deployed in Linux distributions, media players, and streaming applications. The vulnerability (CWE-787: Out-of-bounds Write) occurs in the convert_to_s334_1a function within the ISO MP4 demultiplexer component, where a logic error causes misalignment between allocated memory size and loop iteration bounds when ccpair_size is an even number. Based on the CPE identifier (cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*), all versions of GStreamer prior to 1.24.10 are affected, making this a widespread issue across numerous media processing applications.

Affected Products

All versions of GStreamer prior to 1.24.10 are vulnerable, as indicated by the CPE identifier cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*. This affects the core GStreamer library and any applications that utilize it for media processing, including numerous Linux media players, streaming servers, and embedded systems. The vulnerability is specifically located in the ISO MP4 demultiplexer component (isomp4/qtdemux.c). Official security information is available at https://gstreamer.freedesktop.org/security/sa-2024-0007.html, with additional technical details provided by GitHub Security Lab at https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/.

Remediation

Upgrade GStreamer to version 1.24.10 or later, which contains the fix for this vulnerability. The patch is available at https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch and should be applied immediately to all affected systems. For systems that cannot be immediately upgraded, consider implementing network-level filtering to block untrusted media files from being processed by GStreamer-based applications, particularly for internet-facing services. Debian users should refer to the security announcement at https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html for distribution-specific patches.

Priority Score

49
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +49
POC: 0

Share

CVE-2024-47539 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy