CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Description
An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in the gst_wavparse_adtl_chunk() function. The patch added a size validation check, lsize + 8 > size, but the check does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calculation. When lsize is an odd number, the parser advances more bytes than were validated, causing an out-of-bounds read.
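The gap between the validated length and the padded advance can be seen in a simplified model. This is an added example, not GStreamer's code: the names (walk, check_incomplete, check_padded, round_up_2) are hypothetical, the sub-chunk layout is assumed to be a 4-byte tag plus a 4-byte little-endian length, and the sample buffers are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR 8u /* assumed header: 4-byte tag + 4-byte little-endian length */
typedef bool (*check_fn)(uint32_t lsize, size_t remaining);

/* Same arithmetic as rounding up to an even number, done in 64 bits. */
static uint64_t round_up_2(uint64_t n) { return (n + 1) & ~(uint64_t)1; }

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Check as described for the incomplete fix: validates lsize, not the padding. */
static bool check_incomplete(uint32_t lsize, size_t remaining) {
    return !((uint64_t)lsize + HDR > remaining);
}

/* Validates exactly the number of bytes the parser will advance by. */
static bool check_padded(uint32_t lsize, size_t remaining) {
    return round_up_2(lsize) + HDR <= remaining;
}

/* Returns 0 if every advance stayed in bounds, -1 if `check` rejected a
 * chunk, 1 if an accepted chunk would advance past the end of the buffer. */
static int walk(const uint8_t *buf, size_t size, check_fn check) {
    size_t off = 0;
    while (size - off >= HDR) {
        uint32_t lsize = rd_le32(buf + off + 4);
        if (!check(lsize, size - off)) return -1;
        uint64_t step = HDR + round_up_2(lsize);
        if (step > size - off) return 1; /* advance exceeds validated bytes */
        off += (size_t)step;
    }
    return 0;
}

/* Constructed inputs: odd lsize (5) without and with the pad byte. */
static const uint8_t ODD_NO_PAD[13] = {'t','e','s','t', 5,0,0,0, 'h','e','l','l','o'};
static const uint8_t ODD_PADDED[14] = {'t','e','s','t', 5,0,0,0, 'h','e','l','l','o', 0};

int main(void) {
    printf("incomplete check, no pad: %d\n", walk(ODD_NO_PAD, sizeof ODD_NO_PAD, check_incomplete));
    printf("padded check, no pad:     %d\n", walk(ODD_NO_PAD, sizeof ODD_NO_PAD, check_padded));
    return 0;
}
```

With the 13-byte buffer, lsize + 8 equals the buffer size and passes the incomplete check, while the padded advance is 14 bytes; validating the rounded length is one way to close that gap.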
Analysis
An incomplete fix for CVE-2024-47778 (CVSS 5.1) allows an out-of-bounds read. Remediation should follow standard vulnerability management procedures.
Remediation
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.
Vendor Status
Ubuntu
Priority: Medium
| Release | Status | Version |
|---|---|---|
| trusty | needs-triage | - |
| xenial | needs-triage | - |
| bionic | needs-triage | - |
| focal | needs-triage | - |
| jammy | needs-triage | - |
| noble | needs-triage | - |
| questing | needs-triage | - |
| upstream | released | 1.28.1-1 |
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | vulnerable | 1.18.4-2+deb11u2 | - |
| bullseye (security) | vulnerable | 1.18.4-2+deb11u4 | - |
| bookworm | vulnerable | 1.22.0-5+deb12u3 | - |
| bookworm (security) | vulnerable | 1.22.0-5+deb12u2 | - |
| trixie | vulnerable | 1.26.2-1 | - |
| forky, sid | fixed | 1.28.1-1 | - |
| (unstable) | fixed | 1.28.1-1 | - |
EUVD-2026-14551
GHSA-9wvw-r6fm-6wwv