CVE-2024-47538Stack-based Buffer Overflow in Gstreamer

CWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write7 documents5 sources
Severity
8.6HIGHNVD
OSV8.8
EPSS
0.1%
top 71.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GstreamerDebian Gst-plugins-base1.0
Timeline
PublishedDec 12
Latest updateOct 7

Description

GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

NVDgstreamer/gstreamer< 1.24.10
debiandebian/gst-plugins-base1.0< gst-plugins-base1.0 1.22.0-3+deb12u3 (bookworm)

Patches

Patch: gitlab.freedesktop.org

🔴Vulnerability Details

2
OSV
gst-plugins-base1.0 vulnerabilities2025-10-07
OSV
CVE-2024-47538: GStreamer is a library for constructing graphs of media-handling components2024-12-12

📋Vendor Advisories

4
Ubuntu
GStreamer Base Plugins vulnerabilities2025-10-07
Ubuntu
GStreamer Base Plugins vulnerabilities2024-12-18
Red Hat
gstreamer1-plugins-base: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet2024-12-11
Debian
CVE-2024-47538: gst-plugins-base1.0 - GStreamer is a library for constructing graphs of media-handling components. A s...2024