Gstreamer
CVE-2024-47546
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionGitHub Advisory
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8. When that subtraction underflows, *cclen ends up being a large number, and then cclen is passed to g_memdup2 leading to an out-of-bounds (OOB) read. This vulnerability is fixed in 1.24.10.
AnalysisAI
An integer underflow vulnerability in GStreamer's qtdemux component allows remote attackers to trigger out-of-bounds memory reads, potentially causing application crashes or denial of service. The flaw occurs when processing malformed media files with specific atom structures, affecting all GStreamer versions prior to 1.24.10. With an EPSS score of 0.11% and no known active exploitation, this represents a moderate risk primarily for applications processing untrusted media content.
Technical ContextAI
GStreamer is a widely-used open-source multimedia framework (CPE: cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*) that constructs processing graphs for media handling. The vulnerability stems from CWE-191 (Integer Underflow) in the extract_cc_from_data function within qtdemux.c, specifically when handling FOURCC_c708 closed caption data atoms. When atom_length is less than 8, the subtraction atom_length - 8 underflows, resulting in a large value being passed to g_memdup2, which then attempts to read beyond allocated memory boundaries.
RemediationAI
Upgrade GStreamer to version 1.24.10 or later, which contains the fix available at https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch. Organizations unable to immediately patch should implement input validation for media files and consider isolating media processing services in sandboxed environments. Monitor the vendor security advisory at https://gstreamer.freedesktop.org/security/sa-2024-0013.html for additional updates. For systems processing untrusted media, implement resource limits and crash recovery mechanisms to mitigate potential denial of service impacts.
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer
The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write an
A heap-based buffer overflow vulnerability exists in GStreamer's RTSP connection parser that allows remote attackers to
An integer overflow vulnerability in the GStreamer multimedia framework's matroska demuxer allows heap memory corruption
A critical integer overflow vulnerability in GStreamer's qtdemux element allows attackers to trigger denial of service o
A critical integer overflow vulnerability in the GStreamer multimedia framework's Matroska (MKV) demuxer can cause denia
An integer overflow vulnerability in GStreamer's Matroska demuxer can cause denial of service or potentially heap memory
An integer overflow vulnerability in GStreamer's AVI demux element allows attackers to trigger a heap overwrite when par
A heap overflow vulnerability exists in GStreamer's matroskaparse element due to an integer overflow in the gst_matroska
An integer overflow vulnerability in GStreamer's matroska demuxer can cause denial of service through segmentation fault
Same weakness CWE-191 – Integer Underflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today