CVE-2024-47775
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Description
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multiple GST_READ_UINT32_LE operations without performing boundary checks. This can lead to an OOB-read when buf is smaller than expected. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.
Analysis
An out-of-bounds read vulnerability exists in GStreamer's WAV file parser that allows remote attackers to crash applications or potentially leak sensitive memory contents when processing malformed WAV files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be triggered without authentication through network-accessible applications using the library. While no public exploits or KEV listings exist, the high CVSS score of 9.1 reflects the potential for both denial of service and information disclosure impacts.
Technical Context
GStreamer is a widely-used open-source multimedia framework library (CPE: cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*) that provides a pipeline-based architecture for handling audio and video streams. The vulnerability occurs in the parse_ds64 function within the gstwavparse.c component, which is responsible for parsing WAV audio files. The root cause is a classic buffer over-read (CWE-125) where the code performs multiple GST_READ_UINT32_LE operations to read 32-bit values from the input buffer without first verifying that sufficient data is available, allowing reads beyond the allocated buffer boundaries when processing specially crafted WAV files with malformed DS64 chunks.
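The unchecked-read pattern described above, next to a bounds-checked counterpart, as an added example (this is not GStreamer's code or the upstream patch). The field offsets follow the RF64 ds64 chunk layout and are an assumption here; the function and type names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed RF64 "ds64" payload layout (little-endian 32-bit words):
 * riffSize lo/hi, dataSize lo/hi, sampleCount lo/hi, tableLength. */
#define DS64_MIN_LEN 24u /* bytes needed to cover words 0..5 */

typedef struct { uint64_t data_size; uint64_t sample_count; } ds64_info;

/* Little-endian 32-bit read; the caller guarantees 4 readable bytes. */
static uint32_t read_u32_le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Unchecked form, the pattern the advisory describes: fixed-offset reads
 * that never consult len. With len < 24 they run past the buffer (CWE-125). */
static void parse_ds64_unchecked(const uint8_t *buf, size_t len, ds64_info *out) {
    (void)len; /* never consulted: this is the defect */
    out->data_size = read_u32_le(buf + 8) |
                     ((uint64_t)read_u32_le(buf + 12) << 32);
    out->sample_count = read_u32_le(buf + 16) |
                        ((uint64_t)read_u32_le(buf + 20) << 32);
}

/* Checked form: reject a short or missing chunk before any read happens. */
static bool parse_ds64_checked(const uint8_t *buf, size_t len, ds64_info *out) {
    if (buf == NULL || out == NULL || len < DS64_MIN_LEN)
        return false;
    parse_ds64_unchecked(buf, len, out); /* safe here: len >= 24 */
    return true;
}

int main(void) {
    /* Constructed sample: 24-byte payload, dataSize = 16, sampleCount = 2. */
    uint8_t chunk[24] = {0};
    ds64_info info;
    chunk[8] = 16;
    chunk[16] = 2;
    /* The full chunk parses; the same bytes declared 12 long are rejected. */
    printf("full: %d\n", parse_ds64_checked(chunk, sizeof chunk, &info));
    printf("truncated: %d\n", parse_ds64_checked(chunk, 12, &info));
    return 0;
}
```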
Affected Products
GStreamer versions prior to 1.24.10 are vulnerable to this out-of-bounds read issue, as identified by CPE cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*. The vulnerability affects the core GStreamer library's WAV parsing functionality, impacting any application or system that uses GStreamer for media processing. The vendor has published an official security advisory at https://gstreamer.freedesktop.org/security/sa-2024-0027.html, and GitHub Security Lab has provided additional analysis at https://securitylab.github.com/advisories/GHSL-2024-261_Gstreamer/. Debian has also issued security updates for their LTS distributions as noted in https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html.
Remediation
Upgrade GStreamer to version 1.24.10 or later, which contains the official patch available at https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch. Organizations should review their software inventory for applications that embed or depend on GStreamer and ensure updates are applied across all systems. As a temporary mitigation until patching is complete, restrict processing of WAV files from untrusted sources and implement input validation for media files at application boundaries. For detailed patching instructions, consult the vendor security advisory at https://gstreamer.freedesktop.org/security/sa-2024-0027.html.