CVE-2024-47774

CRITICAL
2024-12-12 [email protected]
9.1
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 17, 2026 - 20:45 (vuln.today)
Patch Released: Mar 17, 2026 - 20:45 (nvd), patch available
CVE Published: Dec 12, 2024 - 02:03 (nvd), CRITICAL 9.1

Description

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. A subsequent condition does not properly handle cases where name_length is greater than 0xFFFFFFFF - 17, causing an integer overflow. In such a scenario, the function attempts to access memory beyond the buffer, leading to an OOB-read. This vulnerability is fixed in 1.24.10.

Analysis

A critical out-of-bounds read vulnerability exists in GStreamer's AVI subtitle parsing functionality, allowing remote attackers to read sensitive memory contents and potentially crash applications. The vulnerability affects GStreamer versions prior to 1.24.10 and can be triggered when processing maliciously crafted AVI files with subtitle chunks. With a CVSS score of 9.1 and requiring no authentication or user interaction for exploitation, this represents a severe risk for applications using GStreamer for media processing.

Technical Context

GStreamer is a widely-used multimedia framework library for constructing graphs of media-handling components, identified by CPE cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*. The vulnerability resides in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c, where name_length values are read directly from input files without proper validation. This is a classic CWE-125 out-of-bounds read vulnerability caused by integer overflow - when name_length exceeds 0xFFFFFFFF - 17, the subsequent memory access attempts to read beyond allocated buffer boundaries, potentially exposing sensitive data or causing application crashes.
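The wrap-around described above can be reproduced in isolation. The following is an added example, not GStreamer's code: the function names, the 64-byte chunk and the exact shape of the comparison are assumptions made for illustration, and only the constant 17 and the 0xFFFFFFFF - 17 threshold come from the description.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 17 is the constant quoted in the advisory text. */
#define FIXED_BYTES 17u

/* Flawed pattern (assumed shape): 17 + name_length is evaluated in 32 bits,
 * so it wraps to a small number once name_length > 0xFFFFFFFF - 17 and the
 * "buffer too short" test no longer fires. Returns 1 if the chunk is accepted. */
static int accepts_wrapping(size_t buf_size, uint32_t name_length)
{
    uint32_t needed = FIXED_BYTES + name_length;   /* may wrap */
    return !(buf_size <= needed);
}

/* Hardened pattern: subtract the constant from the trusted buffer size
 * instead of adding it to the untrusted length, so nothing can wrap. */
static int accepts_checked(size_t buf_size, uint32_t name_length)
{
    if (buf_size <= FIXED_BYTES)
        return 0;
    return (size_t)name_length < buf_size - FIXED_BYTES;
}

int main(void)
{
    /* Constructed inputs: a 64-byte chunk and four declared name lengths. */
    const uint32_t lengths[] = { 10u, 100u, 0xFFFFFFEEu, 0xFFFFFFEFu };
    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++)
        printf("name_length=0x%08X wrapping=%d checked=%d\n",
               (unsigned)lengths[i],
               accepts_wrapping(64, lengths[i]),
               accepts_checked(64, lengths[i]));
    return 0;
}
```

The two checks agree for every length up to 0xFFFFFFFF - 17 and diverge only above it, which is why ordinary files never expose the flaw.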

Affected Products

GStreamer versions prior to 1.24.10 are affected by this vulnerability, as identified through CPE cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*. The vulnerability specifically impacts the AVI subtitle parsing functionality within the library. Debian has issued security updates for their Long Term Support releases as noted in their advisory at https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html. Any application or system using GStreamer for media processing, particularly those handling AVI files with subtitles from untrusted sources, should be considered at risk.

Remediation

Upgrade GStreamer to version 1.24.10 or later, which contains the fix for this vulnerability. The patch is available at https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8043.patch and should be applied immediately for systems processing untrusted media content. Until patching is possible, implement input validation for AVI files, restrict GStreamer-based applications from processing untrusted media sources, and consider sandboxing media processing operations to limit the impact of potential exploitation. Monitor the GitHub Security Lab advisory at https://securitylab.github.com/advisories/GHSL-2024-262_Gstreamer/ for additional updates.

Priority Score

46
KEV: 0
EPSS: +0.1
CVSS: +46
POC: 0
