CVE-2024-47545

Severity: HIGH
Published: 2024-12-12 (source: [email protected])
CVSS 3.1 base score: 7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 17, 2026 - 20:45 (vuln.today)
Patch Released: Mar 17, 2026 - 20:45 (nvd) - patch available
CVE Published: Dec 12, 2024 - 02:03 (nvd)

Description

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 underflows if size is less than 40. If this happens, the subsequent call to gst_buffer_fill invokes memcpy with a very large tocopy size, resulting in an out-of-bounds read. This vulnerability is fixed in 1.24.10.

Analysis

An integer underflow vulnerability in GStreamer's QuickTime demuxer (qtdemux) allows remote attackers to trigger an out-of-bounds memory read, potentially causing application crashes or denial of service. The vulnerability affects GStreamer versions prior to 1.24.10 and occurs when parsing malformed QuickTime/MP4 files where a size calculation can result in negative values, leading to large memory copy operations. With an EPSS score of 0.13% and no known active exploitation or public POC, this represents a moderate risk primarily to applications processing untrusted media files.

Technical Context

GStreamer is a widely used multimedia framework for constructing media processing pipelines, identified by CPE cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*. The vulnerability resides in the qtdemux_parse_trak function within qtdemux.c, specifically during strf (stream format) parsing, where a hardcoded subtraction of 40 bytes from a size variable underflows if the original size is less than 40. This integer underflow (CWE-191) subsequently causes gst_buffer_fill to call memcpy with an extremely large size value, resulting in an out-of-bounds read that can access memory beyond the allocated buffer. The issue is classified under both the buffer overflow and integer overflow vulnerability types.
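As an added illustration of the check the Description and Technical Context describe (example code written for this page, not GStreamer's own qtdemux.c), this models the unchecked `size -= 40` beside a guarded version. It assumes an unsigned 32-bit size field and a 40-byte strf header; the real variable types and the exact upstream fix are not reproduced.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumption: the strf case skips 40 header bytes before the payload. */
#define STRF_HEADER_BYTES 40u

/* Unchecked pattern from the advisory. Returns the length a caller would
 * hand to the copy. With size < 40 the unsigned subtraction wraps to a
 * value near 4 GiB; passed to memcpy that is the out-of-bounds read.
 * This function only computes the length and never copies. */
size_t strf_copy_len_unchecked(uint32_t size)
{
    size -= STRF_HEADER_BYTES;   /* wraps when size < 40 */
    return (size_t) size;        /* becomes the memcpy length */
}

/* Hardened pattern: reject short atoms before subtracting. */
bool strf_copy_len_checked(uint32_t size, size_t *out_len)
{
    if (size < STRF_HEADER_BYTES)
        return false;            /* truncated or corrupt atom */
    *out_len = size - STRF_HEADER_BYTES;
    return true;
}

/* Copy the strf payload only when both the atom length and the
 * destination capacity are consistent; reports bytes copied. */
bool copy_strf_payload(const uint8_t *atom, uint32_t size,
                       uint8_t *dst, size_t dst_cap, size_t *copied)
{
    size_t len;
    if (!strf_copy_len_checked(size, &len))
        return false;
    if (len > dst_cap)
        return false;            /* never trust the file's length alone */
    memcpy(dst, atom + STRF_HEADER_BYTES, len);
    *copied = len;
    return true;
}

/* Self-check on a constructed 100-byte atom: 100 - 40 = 60 payload bytes. */
size_t strf_demo_copied(void)
{
    uint8_t atom[100] = {0};
    uint8_t dst[64];
    size_t copied = 0;
    return copy_strf_payload(atom, sizeof atom, dst, sizeof dst, &copied) ? copied : 0;
}
```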

Affected Products

GStreamer multimedia framework versions prior to 1.24.10 are affected by this vulnerability, as identified by CPE cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*. The vulnerability specifically impacts the qtdemux plugin used for parsing QuickTime and MP4 media files. Debian has issued security updates for their LTS releases as noted in their security announcement at https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html. The official GStreamer security advisory SA-2024-0010 provides additional details at https://gstreamer.freedesktop.org/security/sa-2024-0010.html.

Remediation

Upgrade GStreamer to version 1.24.10 or later, which contains the fix for this vulnerability. A patch is available at https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch for those who need to apply it to custom builds. Until patching is possible, limit processing of QuickTime/MP4 files to trusted sources only, and consider input validation or sandboxing for applications that must process untrusted media. Consult the vendor security advisory at https://gstreamer.freedesktop.org/security/sa-2024-0010.html and the GitHub Security Lab advisory at https://securitylab.github.com/advisories/GHSL-2024-242_Gstreamer/ for additional technical details.

Priority Score

38 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.1
CVSS: +38
POC: 0

CVE-2024-47545 vulnerability details – vuln.today