CVE-2024-47615

CRITICAL
2024-12-12 [email protected]
9.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 17, 2026 - 20:45 vuln.today
Patch Released
Mar 17, 2026 - 20:45 nvd
Patch available
CVE Published
Dec 12, 2024 - 02:03 nvd
CRITICAL 9.8

Tags

Information Disclosure Gstreamer

Description

GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10.

Analysis

A critical out-of-bounds write vulnerability exists in GStreamer's Vorbis parser that allows remote code execution by processing malicious media files. The flaw affects all GStreamer versions prior to 1.24.10 and enables attackers to overwrite up to 380 bytes of memory beyond array boundaries, potentially leading to arbitrary code execution without authentication. The vulnerability has been assigned a maximum CVSS score of 9.8, indicating critical severity with network-based exploitation possible.

Technical Context

GStreamer is a widely-used multimedia framework library for constructing media processing pipelines, identified by CPE cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*. The vulnerability resides in the gst_parse_vorbis_setup_packet function within vorbis_parse.c, where an integer size value is read from untrusted input without validation before being used as a loop counter. This classic CWE-787 (Out-of-bounds Write) occurs because the code fails to verify that the size parameter doesn't exceed the fixed 256-element pad->vorbis_mode_sizes array, resulting in memory corruption that extends 380 bytes past the array boundary when processing specially crafted Vorbis audio streams.

Affected Products

All versions of GStreamer prior to version 1.24.10 are vulnerable to this out-of-bounds write flaw, as confirmed by the CPE identifier cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*. The vulnerability impacts any application or system using the GStreamer framework for media processing, particularly those handling Vorbis audio streams. The official security advisory is available at https://gstreamer.freedesktop.org/security/sa-2024-0026.html, with additional technical details provided by GitHub Security Lab at https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/. Debian has also issued security updates as noted in https://lists.debian.org/debian-lts-announce/2024/12/msg00021.html.

Remediation

Immediately upgrade GStreamer to version 1.24.10 or later, which contains the fix for this vulnerability. The patch is available at https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038.patch and should be applied urgently given the critical severity. For systems that cannot be immediately patched, implement strict input validation for any Vorbis media files and consider disabling Vorbis codec support temporarily if feasible. Additionally, deploy network segmentation to limit exposure of systems running vulnerable GStreamer versions and monitor for unusual media processing activity or crashes that could indicate exploitation attempts.

Priority Score

49
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +49
POC: 0

Share

CVE-2024-47615 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy