Skip to main content

Gstreamer CVE-2024-47600

CRITICAL
Out-of-bounds Read (CWE-125)
2024-12-12 security-advisories@github.com
Buffer Overflow Gstreamer
9.1
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 17, 2026 - 20:45 vuln.today
Patch released
Mar 17, 2026 - 20:45 nvd
Patch available
CVE Published
Dec 12, 2024 - 02:03 nvd
CRITICAL 9.1

DescriptionNVD

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10.

AnalysisAI

A buffer overflow vulnerability in GStreamer's media discovery component allows remote attackers to read sensitive stack memory and potentially crash applications. The flaw occurs when processing media files with more than 64 audio channels, causing the format_channel_mask function to read beyond array bounds. With a CVSS score of 9.1 and network-based attack vector requiring no authentication, this represents a critical risk for applications using GStreamer for media processing, though no active exploitation or public proof-of-concept has been reported.

Technical ContextAI

GStreamer is a widely-used open-source multimedia framework that constructs processing pipelines for audio and video data. The vulnerability (CWE-125: Out-of-bounds Read) exists in the gst-discoverer.c component, specifically in the format_channel_mask function which uses a fixed-size array of 64 elements to process audio channel information. When gst_discoverer_audio_info_get_channels returns a value exceeding 64, the subsequent for loop accesses memory beyond the position array boundaries. The affected CPE identifier cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:* indicates all versions prior to 1.24.10 are vulnerable. This out-of-bounds read can expose stack contents and the subsequent dereference of value->value_nick may lead to further memory corruption.

RemediationAI

Upgrade GStreamer to version 1.24.10 or later, which contains the fix for this vulnerability. The patch is available at https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034.patch and can be applied to earlier versions if immediate upgrading is not feasible. Until patching is complete, consider implementing input validation to reject media files with unusually high channel counts (over 64) and restrict processing of untrusted media files. For detailed remediation guidance, refer to the vendor security advisory at https://gstreamer.freedesktop.org/security/sa-2024-0018.html and the GitHub Security Lab advisory at https://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer/.

Share

CVE-2024-47600 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy